Two different APIs are used; one to check the statuses of all friends of user X, which supplies us with 1. friends, 2. screen names and 3. user ids. The second API retrieves all user ids of the user X's followers. The two resulting lists of these APIs are diffed against each other, and voila - you've got the illoyal ones.
No username or password required to do this (unlike some other services I've seen), as long as your profile isn't protected (in which case you can easily modify it to supply a user / pass). It's completely harmless to run, as long as you don't hammer the Twitter server. The code will spend one API call (out of your total 150 per hour) per 100 friends of the user you target, and another single call to fetch all the followers. If you have more than 10k friends: don't run this.
Here's a fully functional demo. Feel free to try it on your own screen name. Again, no password or cross site scripting takes part here, so it's completely harmless. Input a screen name in the input box, and click the "check" button.
Username:If you want to toy around with the code, it can be found here.