I believe the author just has a technical misunderstanding of the way APNS works. In no ways is APNS aware of accounts logged in or logged out of a service - all of this happens on the app developer's server backend. The author's case is properly laid out, but the fault is of the app developer rather than APNS. Developers should take note - this is indeed a valid race condition.
APNS is simply an exchange between a remote service (ex. Twitter) and an application that has registered for remote notifications (ex. Twitter app). APNS knows nothing more than the key that it provided to Twitter to identify this device in a remote push context.
which should unregister it from iOS, even if the network connection isn't available, right? If the call makes it back to Apple's servers, future push notifications shouldn't even get to the device, but even if they do, shouldn't iOS see that it's no longer valid for the application and not display it, bouncing it back to Apple's servers so the token will show up on their Feedback server? Unless I'm mistaken, unregistering for notifications will remove the application from the device's Notification Center settings.
But the original owner still wants to receive push, so you shouldn't unregister. This isn't apple's problem, this is that the twitter app's server doesn't know they logged out and continues to send messages to the phone.
If you logged out of the application, it should unregister. It should only re-register when you log back in (which would require communication with Twitter's servers, which would update the APNS token to point to the correct account). This is how I handle APNS tokens in my Pushover app.
You're right -- this is not only a problem on Apple's side, both Apple and app developers can take measurements to prevent this from happening. On Apple's side this requires fundamental changes in their (un)subscribe mechanism, but that's not likely to happen soon. Therefor, an app developer can implement best practices to ensure this doesn't happen. For example, blocking the UI with an activity indicator until the app receives OK from the APNS when firing the unregister request.
Also, not all apps have an explicit "delete account" option. I've experienced scenarios where I've received push notifications when I'm actually signed out of the app (I've seen this behavior on the Google+ and Airbnb apps, for instance) I guess it really is up to the application developer to send push notifications only for active sessions.
Pretty easy fix for this: don't login on someone else's phone. In the hypothetical, the guy could just login to Twitter via Safari (using the web client). This is a full-featured solution, and you can logout like any web service when you're done.
Ugh, this guy got APNS wrong. An app never needs to register a device with Apple. It's not Apple who sends something, it's still the developer via APNS.
APNS is simply an exchange between a remote service (ex. Twitter) and an application that has registered for remote notifications (ex. Twitter app). APNS knows nothing more than the key that it provided to Twitter to identify this device in a remote push context.