Let me tell you a little story about my experience at a local grocery chain. I normally go to Harris Teeter here in North Carolina and I don't use the U-Scan which is what they call the self-checkout here. I mainly don't use it as a way of doing my small part towards saving jobs for humans. But here is another, and a very important reason. I was shopping at another grocery chain, I'll omit the name for obvious reasons, and all the lines were unusually long. So I stepped up to the self-checkout aisle and started my transaction, the system decided it was time to freeze & crash. This isn't the scary part, what happens next as you'll see is what terrified the IT Security person in me. The system reboots itself and the Windows 2000 boot screen appears, as I watch it's username displayed it logs itself into the network. I see two icons on the desktop Internet Explorer & "Checkout System" but nothing auto-launches, so I decide to do a little 'research'. I launch I.E. and sure enough it has internet access, I launch IPConfig & there is a Class C IP Address, as I'm looking through the Applications folder a slightly miffed employee comes over and launches the Checkout application. I did not see antivirus or a software firewall.
What I learned is that the systems at this store (and by no means can I speak for any other store or grocery chains) are about as ripe for the planting of a trojan to steal credit cards and personal information as anywhere I've seen.
All I can say is now when the lines are long and a conscientious employee offers to help me take my items to the U-Scan I simply say "I'm in IT Security, I don't use those." and leave it at that.