I see, thanks for the explanation.
Yeah, it's clear that anyone can mirror anyone else's merge-commits and that this needs to be allowed by the Git protocol. There's an implicit assumption that authenticated users won't push garbage to servers, and in a distributed system this assumption is hard to avoid since such things cannot possibly be verified on every server.
Seems like the best solution would indeed be requiring PRs not merged via the web UI to be closed manually. I can see how Github might be afraid that people would find this too inconvenient. I myself would prefer a solid design over such convenience, though.