This whole malleability fiasco has shown once again that zero confirmation transactions cannot be trusted.
Um, no it doesn't? Malleability merely renames a transaction. The transaction itself is essentially unchanged. It still has the same inputs, outputs and amounts. Renaming a transaction does not enable double-spending, nor does it allow bitcoin funds to be re-directed. It doesn't matter if the renamed transaction gets accepted by the network instead of the original, because they are the same. They just have different names. It's only a problem for exchanges that use the wrong name to look up the transaction in the block chain. Coffee shops don't have to make that mistake.
Explain to me how you would use transaction malleability to defraud a coffee shop that allows zero confirmations.
If anything, the coffee shop is less affected, because the customer is not waiting around to ask for (or be asked for) a refund if the transaction is renamed, accepted, then not recognised under its new name. By the time transaction mutability comes into play, they'll be 10 minutes gone.
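
Added example (not part of the original post): a sketch of the "different name, same transaction" point above, for a receiver that wants to recognise a payment without depending on the txid. It serializes a legacy (pre-SegWit) transaction, shows that the txid changes when only the scriptSig bytes differ, and that a key computed over the inputs spent and outputs paid does not. The helper names `payment_key` and `pays`, the dict layout and all sample values are assumptions made for illustration.

```python
import hashlib
import struct

def dsha256(b):
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def varint(n):
    if n < 0xfd:
        return bytes([n])
    if n <= 0xffff:
        return b"\xfd" + struct.pack("<H", n)
    return b"\xfe" + struct.pack("<I", n)

def serialize(tx, blank_sigs=False):
    """Legacy (pre-SegWit) wire format; blank_sigs drops every scriptSig."""
    raw = struct.pack("<i", tx["version"]) + varint(len(tx["vin"]))
    for prev_txid, index, script_sig, sequence in tx["vin"]:
        sig = b"" if blank_sigs else script_sig
        raw += bytes.fromhex(prev_txid)[::-1] + struct.pack("<I", index)
        raw += varint(len(sig)) + sig + struct.pack("<I", sequence)
    raw += varint(len(tx["vout"]))
    for value, script_pubkey in tx["vout"]:
        raw += struct.pack("<q", value) + varint(len(script_pubkey)) + script_pubkey
    return raw + struct.pack("<I", tx["locktime"])

def txid(tx):
    # The "name": hash of the full serialization, scriptSig included.
    return dsha256(serialize(tx))[::-1].hex()

def payment_key(tx):
    # Hypothetical helper: hash over inputs spent and outputs paid only.
    return dsha256(serialize(tx, blank_sigs=True))[::-1].hex()

def pays(tx, script_pubkey, amount):
    # Recognise a payment by what it pays, not by what it is called.
    return any(v == amount and s == script_pubkey for v, s in tx["vout"])

# Constructed sample data: placeholder bytes, not real signatures or keys.
SHOP_SPK = bytes.fromhex("76a914" + "11" * 20 + "88ac")
def sample_tx(script_sig):
    return {"version": 1, "locktime": 0,
            "vin": [("ab" * 32, 0, script_sig, 0xffffffff)],
            "vout": [(350_000, SHOP_SPK)]}
ORIGINAL = sample_tx(b"\x01" * 72)
RENAMED = sample_tx(b"\x02" * 72)   # same spend, different scriptSig bytes

if __name__ == "__main__":
    print(txid(ORIGINAL) != txid(RENAMED))
    print(payment_key(ORIGINAL) == payment_key(RENAMED))
    print(pays(RENAMED, SHOP_SPK, 350_000))
```

A receiver that stores `payment_key`, or simply checks `pays` against its own address and invoice amount, still finds the payment whichever variant is mined; one that stores only `txid(ORIGINAL)` does not.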