k, figured it out.
Apparently, wp_remote_get() doesn't have up-to-date certificate authorities, or perhaps doesn't have any at all, so it can't verify ssl certificates. I suppose this is Windows-specific? Not sure.
This article talks about it
http://wordpress.stackexchange.com/questions/21749/what-is-the-relationship-between-curl-wordpress-and-cacert-pem
So the two options are to install certificate authorities, which I couldn't figure out, or to turn off ssl verification
in twitter-widget-pro/lib/wp-twitter.php
find this
$resp = wp_remote_get($request_url);
and change to this
$resp = wp_remote_get($request_url, array('sslverify'=>false));
just in case I also changed this
$resp = wp_remote_request($request_url, array( 'method'=>$method, 'body'=>$parameters));
to this
$resp = wp_remote_request($request_url, array( 'method'=>$method, 'body'=>$parameters, 'sslverify'=>false));