By the same logic, a crasher because you forgot to check for NULL is an oversight rather than a bug. Both are cases of checks that should have been done and incorrect behaviors caused by failure to perform those checks. I say, if a piece of code does something it isn't intended to do or fails to do something it is meant to do, that's a bug. The bug might be the result of a poor design decision, but unless the behavior is intentional, it's a bug.
I wasn't aware that the feature was public. If it was a public feature, and it was failing to check that the target had actually added you, then sure - it's a bug.
I assumed that it was more of an intentional 'backdoor'.
As far as I'm aware, it's a feature that's meant to allow users to accept followers by text (there's a separate interface on the website for accepting follow requests). The bug is that it didn't check whether those people had actually requested to follow you. That's what articles on the subject have indicated, anyway.