The (eg)grocer sets out to automate the task of grocery shopping. It is able to take your ingredient usage and make the appropriate orders before you run out of any ingredient.

It simply uploads the images to the company server where the information is processed. This begins with image processing to identify what it is that's being consumed at any given moment. This information is then passed along to a user account where it manipulates a data structure holding the ingredient pairs and their frequency of usage along with how much of a given ingredient is left. When the account takes notice than an ingredient is running low, it orders it such that it will arrive before that ingredient runs out.

The danger arises in the ordering process. With all this being done through a company server, there would have to be banking information stored alongside a user account. If people with malicious intent were to breach the data of this company, they would have access to each users banking information, along with name and address which would be needed for shipping purposes.

Design Recommendations:
If a device absolutely must deal with sensitive information such as banking info, it should be stored remotely with the device and not handled server side. If for any reason there is a need for purchases to be done by a server rather than the device, a more secure option would be for the purchasing to be done by the company, and then users pay the total cost of their groceries, after a set period. This would get rid of the requirement that user payment info be constantly stored with the company.