It’s not more nor less secure than a conventional card terminal - what proof do you have that a conventional terminal is secure? The insides could have been replaced with an evil device that steals your PIN and card number just like malware could do for the Square device.
The proper solution to that is to not enter anything on an untrusted device. I remember seeing a picture of a card (could be fake though) with an integrated display and number keys - the idea would be that the card (something you trust) would display the amount and allow you to enter your PIN on its own keypad, so a fraudulent terminal can’t do anything. Another solution is to have no PIN and instead authorise the transaction out of band via a mobile app.