I see a portable dedicated device with very limited communications ability. Just a serial port will do, which probably means serial over USB or serial over bluetooth. It will also have a SD card socket for wallet backups.
I think this could help with the retail problem too; no reason why you couldn't plug it into a potentially hostile terminal.
How will you ensure, that the 2.00 BTC which the hostile terminal shows you are about to pay isn't 450.00 BTC. Ie: How do you plan to deal with the hostile display issue? Will your device have its own screen?
Yes, it will have a display. I guess I didn't mention that, but it is absolutely essential.
It can either show the address, and ask for an amount. Or it can show the address and amount, and ask for a Yes/No.