As a security feature, requiring people to enter the password of their Apple ID before disabling Find My iPhone is a helpful move, as it means that someone can't just steal your phone and disable the only methods available to find it. However, a new report on 9to5mac shows that this is actually pretty easy to circumvent.
As shown in the video below, the tipster to the site goes through a step by step process of disabling Find My iPhone and then deleting an iCloud account.
The whole process seems really simple, and apparently just needs access to the phone's settings menu. Once in, you can go to iCloud settings, and then simultaneously disable Find My iPhone and tap "delete account". When you're asked for the password, reboot the device and you can repeat the process, and remove the account. This means that someone with access to the phone can create a new account on your device, and you've got no means to track it.
While the iOS 7 bug will likely be patched out by Apple soon, it highlights the importance of putting a passcode on your phone, or if you have an iPhone 5s, using the TouchID sensor to unlock the phone. These are very basic security measures everyone should take, but would still be more than enough to completely stop an exploit like this in its tracks.
Apple released iOS version 7.0.6 as a patch to provide 'a fix for SSL connection verification', a bug that possibly left email and other encrypted communication open to hacking if the user was connected to an unsecured Wi-Fi network.