Auto-enabling keyboard input at all is totally crazy; if you can type you can compromise something. my last startup (it's still around, just without me) makes kiosks with touch displays and accessible usb ports, and disabling that shit was the first obvious move.
We then allowed them to be re-enabled selectively based on a challenge-response touch screen input (didn't require connectivity, just pre-shared keys to verify the response) or via our server (if connectivity was stable and the touch screen had an issue).
Assuming you have a team competent enough to build a platform that you can at minimum reboot and ensure it'll always come back up, you'd never, ever want to automatically let someone access your system.
We then allowed them to be re-enabled selectively based on a challenge-response touch screen input (didn't require connectivity, just pre-shared keys to verify the response) or via our server (if connectivity was stable and the touch screen had an issue).
Assuming you have a team competent enough to build a platform that you can at minimum reboot and ensure it'll always come back up, you'd never, ever want to automatically let someone access your system.