It's not that writing "accept [username]" is a bug — the bug is that you can use it to accept people who haven't asked to follow you. Similarly, OK buttons in dialogs are not a bug, but it would be a bug if they all had the same effect as the OK button in the dialog "Are you sure you want to erase your boot drive?"
They specifically made a feature that allows you to respond to follow requests by tweeting "accept username". The bug is not checking that the person has actually requested to follow you when processing that response.
By the same logic, a crasher because you forgot to check for NULL is an oversight rather than a bug. Both are cases of checks that should have been done and incorrect behaviors caused by failure to perform those checks. I say, if a piece of code does something it isn't intended to do or fails to do something it is meant to do, that's a bug. The bug might be the result of a poor design decision, but unless the behavior is intentional, it's a bug.
I wasn't aware that the feature was public. If it was a public feature, and it was failing to check that the target had actually added you, then sure - it's a bug.
I assumed that it was more of an intentional 'backdoor'.
As far as I'm aware, it's a feature that's meant to allow users to accept followers by text (there's a separate interface on the website for accepting follow requests). The bug is that it didn't check whether those people had actually requested to follow you. That's what articles on the subject have indicated, anyway.
Except if in fact it's an artifact of their SMS interface, which somehow got exposed, or was forgotten and not removed when needed. In which case I'd consider it a bug, not an bad but intentional decision.
