Multiple users who've had their iPhones stolen are reporting that iMessage is still linked to their stolen device even after they've conducted a remote wipe, deactivated their iPhone with the carrier, and even changed their Apple ID password. This means that whomever steals or buys a stolen iPhone may have the ability to iMessage from the original owners account, pretty much impersonating them.
Although Apple has yet to comment on the situation, Ars Technica was able to get iOS security expert Jonathan Zdziarski to chime in on his thoughts of why this may be occurring.
"iMessage registers with the subscriber's phone number from the SIM, so let's say you restore the phone, it will still read the phone number from the SIM. I suppose if you change the SIM out after the phone has been configured, the old number might be cached somewhere either on the phone or on Apple's servers with the UDID of the phone."
In short, Apple needs to fix this, and quick. If your iPhone ever gets stolen, there's absolutely no way to remove iMessage from the device -- which will appear as if you were sending the messages yourself -- and the unfortunate part is that there doesn't appear to be a fix in sight.
Source: Ars Technica