First of all, I'd kindly ask you to lower the height of your images as they take too much space.
What if a dishonest user sends a TX with low Fee (1 Sat/vB) to a vending machine, the machine releases the product, and after some time that user performs a FullRBF changing the destination address to one of his own addresses?
The vending machine owner is at a loss, indeed. That's why they shouldn't be releasing the product under a 0-conf transaction. That was less likely to occur before Full-RBF, with RBF disabled, as it'd require to convince a mining pool to double-spend your transaction, but currently it's just really trivial. But, that's the normal state of the network; no confirmation, means can be double-spent.
Now the vending machine owner has two options;
- either make the user wait for 1 confirmation (nobody's going to wait 10 minutes for a coca cola, I know), or:
- adapt with second layers, like lightning.