Well someone has to...
https://xkcd.com/327/
Vulnerability Lab founder Benjamin Kunz Mejri says he's found a security bug in Apple's Mac and iOS app stores that could be exploited to inject malicious JavaScript code into victims' web browsers. Mejri reported the "application-side input validation web vulnerability" to Apple in early June, and went public with details of …
True, but it doesn't change the fact that the data isn't sanitised.
There is also the other side of the coin - people other than the purchaser may view the receipt. It would be a good way of hacking somebody who is selling things, for example. Change your device name, buy something, then raise a query and ask them to view your invoice.