You are correct in preferring a public-key signature scheme to a shared-secret scheme. While a correct implementation of HMAC-SHA1 should resist forgery as well as RSA-SHA1, there are numerous drawbacks to shared-secret schemes in general that you noticed.
Another weakness in OAuth with RSA-SHA1 in the section you cite is that you have to implement your own PKI or other scheme for validating the source of RSA public keys. Like so many other specs, it punts on this hard issue.
If you are lucky enough to control both the server and client then this isn't a big deal. You can just distribute the public key along with your client SDK. Granted, this is a specific case.
Another weakness in OAuth with RSA-SHA1 in the section you cite is that you have to implement your own PKI or other scheme for validating the source of RSA public keys. Like so many other specs, it punts on this hard issue.