Square says (https://squareup.com/reader): "Square is PCI-DSS Level 1 compliant and the Square Card Reader is fully encrypted. Data encryption occurs at the moment of the credit card swipe" and has an image of the reader with 'Security Encryption' pointing to the reader itself (see the page).
Well, I do own a black reader, so perhaps Square moved back to using white at some point. But there have been white readers unable to encrypt the data out 'in the wild', and I suspect this project used one of those.
What's to stop an evil clerk from using his eyes to read the card? The credit card industry is designed from the ground up on the assumptions that the card is insecure. The only reason Square is adding encryption is due to a PR war by it's competitors, playing off consumer fear.