You don't need to leave it in a public place, this flaw could be exploited by someone that is normally allowed to use the machine, but not trusted with anything more than guest access rights. Like, say a work laptop. The dongle doesn't even have to be installed, just the driver software, so not out of the realm of possibility for the software to be installed as part of a corporate-standard image, in which case all of them would be exploitable.
The problem is that they set the driver's directory to give full permissions to the 'everyone' group, this even applies to the service executable, which runs at a security level that not even an enterprise admin has when logged in. (Essentially they set it to 777 and configured the daemon to run as root).
Really, the only thing you need to do is run cp <Malicious executable> C:\Program Files (x86)\Web Connecton\BackgroundService.exe as anyone who can access the system, and now you have unfettered access to the entire system at next boot. Hell, this could even be embedded into a simple autorun script.