I actually wouldn't be surprised that a similar scenario occurred during development. There are stupid decisions made constantly. Even the place I work, our Chief Security Officer in charge of security asked me to remove all authentication from all printers with email function so that it won't affect user's workflow... on top of that, I'm told to allow users to type in the "From" field as well.
I'm about to scan my butt to the CEO and type in the CSO's email address in the From field just to prove my point....
If you don't have some sort of card + short-pin access to the scanner (or something else that's minimally interrupting), auth is an incredibly annoying thing. I mean, what's the threat vector here? Scanned butts? I think people will survive.
Everyone's supposed to have some fancy alphanumeric-with-special-characters password and sit there in front of the machine copying it in slowly from their LastPass. No, thank you.
Considering we're in healthcare business... I can see problems. We are working towards implementing a badge-in option but wont begin testing until this summer.
I'm about to scan my butt to the CEO and type in the CSO's email address in the From field just to prove my point....