Tor SOCKS handshake makes SOCKS circuit isolation non-functional for many apps
Tor 0.2.3 is supposed to have SOCKS username+password isolation on by default. But with Pidgin and other apps, vidalia still shows circuits being shared between multiple apps using different SOCKS usernames and passwords.
I dug in with Wireshark, and it looks like the problem for Pidgin is that its SOCKS client handshake lists 2 "Client Authorization Methods": "No authentication" and "Username/password". Tor's SOCKS port replies that it only supports "No Authentication", so Pidgin doesn't send the username and password at all!
Tor should reply that it supports "Username/password" in this case if the SOCKS isolation feature is enabled.