Agreed that, if done right, they'll hopefully at least minimize their exposure. For instance, a user in line for a ride with a 'quick pass' from their bracelet VERY likely isn't in a store half-way across the park, at the same moment. Still, with the sheer number of the bracelets that could potentially be in use, daily, it's a guarantee that someone WILL exploit things, somehow.
Perhaps a required passphrase if in the stores, etc, to go with the bracelets, so that, at least then, there's MUCH less chance of excess abuse / spending. At least that way, they'd really need to both 'drive by' scan the rfid AND shoulder surf, to get the passphrase.
~ hayabusa ~
"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'
OSCE, OSCP , GPEN, C|EH