Have you ever left your credit card at the counter so you could pump gas when the pump's reader is broken? Do you really trust that guy inside to not make a copy of your card with a skimmer?
This is the problem with the way Square has implemented their product. They give you a dongle for your phone that will read credit and debit cards on your smartphone and allow you to ring up transactions immediately. That is good in that more companies will be able to afford to have mobile readers allowing them to process your card in front of you rather than taking it to the back room.
The problem is, Square's dongle doesn't use hardware encryption. The data is plain text. If someone wants to write their own app to interface with the dongle, they can come right to your table, scan and skim in one swipe.
VeriFone has put together a video, free sample app and more information at their site Sq-Skim. If nothing else, you'll be able to readily identify what the scanner looks like and then decide for yourself, do you trust the person you are about to hand your card to with your card.
Hopefully, Square will fix this issue and release new scanners that are visually distinctive from the old ones that you'll be able to trust are only sending encrypted data through the phone and on to the payment provider at the bank.