Qiwi configs or security assurance

Recently in the store I noticed a terminal with an IE error on the page and a question whether to continue or not, I got interested and decided to poke around. I came across an ancient bug with holding a finger on the screen and a drop-down menu, looked at the computer config (Celeron 2.6 with 256m memory, and a check printer connected via COM (oO) port and the fact that the local html page is spinning with a flash through a special OSMP launcher), but the point is not this one.

I found a folder at C: \ osmp, and in it (I don’t remember the directory structure specifically) a folder with the approximate name config, and it already has a bunch of xml files, with approximate names comission.xml operators.xml, etc., where the codes of the operators and their names are listed, and, accordingly, the commission percentage in another file.

Those. it turns out that you can set the percentage of the commission yourself and do a lot of interesting things? Either this is just an old version of the OSMP client, or it’s really more convenient, or not everything is built on these configs.

I understand that the context menu bug should worry the owner of the terminal, and the structure of the configs and internal intricacies of the work is not the end user, but still? How much interesting can a person with malicious intent do)