You could still attack the stuff talking that RS232 protocol. Maybe it has a buffer overflow that allows me to gain control and change the software to write any money coming in not only to those flash drives but also out to my account (writing it to the flash drives makes it harder to detect this hack) In the limit, that doesn't require much. For example, I could flash a control LED and attempt to read it from across the street. Even if that succeeds in only a small fraction of transactions, it might still be worthwhile.

TL;dr version: anything that is connected to the outside world, no matter how small, is an attack target.