Assuming that's the case, (how) does it work if the store uses HTTPS for normal product pages?
If a proxy is used to intercept and modify HTTPS traffic, the server certificate used for the connection between the proxy and the client would be invalid (I mean it would not be signed by a CA trusted by the client). Desktop browsers report an error in response to this condition. I don't know about mobile safari.
How do they deal with this?
We pass https traffic as is, we obviously can't look in it or manipulate it.
However most of the products (something like 98%) are on http connections.
Changes to the checkout process are dealt with regression testing. As for supporting new retailers (even niche ones), feel free to email us at firstname.lastname@example.org to support your site.
As for Magento and other platforms we're in discussions to support them too.
If something fails one of us gets an email / sms / a strongly worded letter from our parents telling us we could better.
eCommerce on mobile is still way too much work and I could see people building marketplaces or purchase-enabled wishlisting/product bookmarking apps really quickly with this.
What happens when they find out about you plugging credit card information and block you?
Then again here's a quote from a merchant that reached out just this morning: "How do we get our store added, what you guys are doing is rad! [redacted] I've actually already been talking to a handful of app photo app developers about integrating our store into their app as a way to create incremental revenue -- I'd love to be able to have them use your API instead of having to build something ourselves."
If they're around maybe they can publicly contribute to the discussion.