This is basically how all of the mobile starbucks card apps work. You install the app on your phone, logon to your account, and then when you pay it shows an image of a card with your barcode. In this case, its just using a static image instead of the one generated by the app. I suppose they were ok with the tradeoff of convenience over the security risks.
So you just need an image of a Starbucks card to purchase on that account? Presumably they're not bothered because it's their customers money that they're being free and easy with, the more fraud the more money they make ...?
I don't really know per se, because we don't even have Starbucks where I live, but:
I thought the image was pretty indistinguishable from the app when viewed in an image browser. Most of them don't show any borders, so if you walk on the desk with the image ready, you probably couldn't tell the difference?
