To break it down, when the customer enters the PIN number via the terminal, this "unlocks" the Bitcoin address private key to proceed with the transaction. The transaction amount displays on the terminal screen, and the customer presses OK if it is correct. Simple.
So the machine -- 'PCI Compliant' or not -- signs the transaction with your private key, which you have exposed to it using your PIN? No thanks.
About the day after this gets introduced, somebody is going to create look-alike terminals that send your private key to haxxors in the Ukraine. How would one be able to tell you're dealing with an actual, non-nefarious terminal?