It comes down to the fact that the barrier to entry for credit card fraud is significantly cheaper/easier with Square than attacks on the dedicated terminals.

Attacks on the dedicated terminals need physical access to the terminal and sufficient technical knowledge to carry out the hardware attack. Attacks on a Square or similar device can be carried out remotely and run by anybody as it is all software.

The dedicated terminals do have some protection mechanisms in place to prevent tampering but it isn't particularly amazing protection. I've triggered the tamper detection on a terminal by accident before by dropping it around 10 inches onto a table. The entire unit had to be replaced.

The attack surface for a dedicated terminal is going to be less than a Square device as you're only going to ever be doing payments on a dedicated terminal. You're not going to be surfing, reading email, playing games, iFarting or talking on a dedicated terminal.