Well the person who spent £300 on it might be a bit miffed. They may even go so far as to claim criminal damage, you never know.
I'd like to see them try - how are you going to prove that it was a hack that killed the thing and not a malfunction? Read the bash log? If you have THAT deep an access you can cook up all sorts of mischief that could be made to zap itself on reboot. You could even make it an intermittent problem so it'll drive you mad trying to fix the hardware.
How ANYONE in the 21st century can wilfully avoid, no, REMOVE, the most basic access control facilities to use on an unsecured link is a bit beyond me. That is simply irresponsible.