Delicious founder Joshua Schachter says that URL shorteners like TinyURL are a bad idea, because they make the web more fragile, dependent on the shortener services as central points of failure. They also assist spammers, undermine googlejuice, and expose users to security vulnerabilities. I agree — and I like Kottke's suggestion: "With respect to Twitter, I would like to see two things happen:
1) That they automatically unshorten all URLs except when the 140 character limit is necessary in SMS messages.
2) In cases where shortening is necessary, Twitter should automatically use a shortener of their own."
The transit's main problem with these systems is that a link that used to be transparent is now opaque and requires a lookup operation. From my past experience with Delicious, I know that a huge proportion of shortened links are just a disguise for spam, so examining the expanded URL is a necessary step. The transit has to hit every shortened link to get at the underlying link and hope that it doesn't get throttled. It also has to log and store every redirect it ever sees.
The publisher's problems are milder. It's possible that the redirection steps steals search juice — I don't know how search engines handle these kinds of redirects. It certainly makes it harder to track down links to the published site if the publisher ever needs to reach their authors. And the publisher may lose information about the source of its traffic.
But the biggest burden falls on the clicker, the person who follows the links. The extra layer of indirection slows down browsing with additional DNS lookups and server hits. A new and potentially unreliable middleman now sits between the link and its destination. And the long-term archivability of the hyperlink now depends on the health of a third party. The shortener may decide a link is a Terms Of Service violation and delete it. If the shortener accidentally erases a database, forgets to renew its domain, or just disappears, the link will break. If a top-level domain changes its policy on commercial use, the link will break. If the shortener gets hacked, every link becomes a potential phishing attack.