Right, Empath, an ATM should be not much more than a "glass Teletype" - a simple, bulletproof, dumb terminal that has very limited functions: Accept limited types of input from the customer and their cards, provide limited types of screen and printed output, and control the deposit drawer and money distribution mechanics. (And "Fail safe," of course. If it gets sick, shut down and scream for help.)
Those functions should be extremely well defined, not have unneeded crossovers between functions, and LIMITED. I can't stress that enough.
I'm not sure how much autonomy an ATM needs, but it shouldn't be all that much. All the "thinking" should be done by the smarter, larger, better physically protected machines they talk to at the other end of their data links. (Thing is, putting MSW OS's into THOSE machines is happening, too. Personally I think that is a bigger problem.)
The worrysome part is some of the folks thinking several years out appear to be putting less limited (more versatile) functions into the ATM end, and talking about needing OS's. Maybe it would be nice if an ATM could keep right on functioning when it's modem or leased line goes down, but if it is at the expense of system security, I hope it doesn't happen.
I'd personally much rather have 4 or 5 limited functions that can be relied upon with little worry, than 200 functions at the expense of always wondering when the next problem will crop up.
There is an advantage in some things in keeping them simple.