ESPN App retains login info after iPhone wiped clean

A few days ago my new iPhone 5 arrived, so I handed down my 4S to my fiancé (she originally had a 4). Before the switch I completely erased everything, put in her SIMM card, and restored it from her iCloud backup. Two days later, she downloaded the ESPN Scorecenter App for the first time, from her iTunes account, and upon launching it, to my surprise, it signed in under my username and password, and had all my team alerts and settings ready to go.

I vaguely remember a year or two ago after turning in my 4 to the Apple Store for replacement under warranty, not long after that my team alerts on the ESPN App just constantly started disappearing until I finally changed the password (my guess is they sold it as a refurbished phone). And again, everything on the phone was completely erased before it left my hands.

Has anyone else ever experienced that with this app or any other app and know why it might be happening? I am planning to sell the old 4 on eBay this week, and it concerns me that some random person could buy it and install an app that was previously on there and pull up my or my fiancé's accounts.

I suspect it is the UDID, and here is further proof. I powered up the iPhone 4 my fiancé has been using since October 2011 until last week, the same one I had used from February 2011 to October 2011, and when I downloaded the ESPN Scorecenter app to that phone and launched it, it logged in as me - same exact thing that happened on the 4S. It had been over 1 year since I had used that phone and the app had been on there, and yet it still logged in as me.

I am going back and reinstalling every possible app that I ever could have possibly used on that phone to see if any others do this, and if I find any I will post them to this thread. I'm also going to try to notify Apple that this App has a major security flaw, although it is not inherently obvious on how to report something like that.

Logging out does work, and so does changing the password, but that's not the point. The point is, the App should not be automatically logging me back in after the phone has been wiped clean and is either set up as a new device or restored with another persons backup - both of which have happened. This is why I suspect the ESPN App is linking my current and previous iPhone's UDID with my ESPN account's automatic login credentials.