I've read (though have no first hand experience) that slot machines have better security and better vetting than electronic voting machines do so I'm not surprised either.
In Nevada the source code for gaming devices is required to be provided to the state gaming commission.
(c) In the case of a gaming device, a copy of all executable software, including data and graphic
information, and a copy of all source code for programs that cannot be reasonably demonstrated to have
any use other than in a gaming device, submitted on electronically readable, unalterable media;
But only for "programs that cannot be reasonably demonstrated to have any use other than in a gaming device".
Makes one imagine what kind of political trench wars probably went on behind the scenes about this regulation.
Edit: On second thought, this seems awfully easy to circumvent. What stops me from making a rigged PRNG and then refusing to make the source code available on the grounds that there are lots of non-gambling applications for PRNGs?
The gaming commission also regulates how much each machine must pay out over a given period with a given take. Any machine not in compliance is removed, and the casino can be fined. Continued non-compliance can result in the termination of the casino gaming license.
This was true even before electronic slot machines.
Sounds better but still defeatable. I could track individual players throughout the casino (which is already common practice, I think) and decide on payout depending on how much money I already made through them.
E.g., if someone already dumped a lot of money into other games, I can give them above-average odds of winning and be sure I still make a profit (and they make a loss), otherwise I'll give them below-average odds.
If I tune this right, the average outcome over all players will still look "fair".
Or I simply give the above-average play sessions to strawmen.
Except that that is not allowed. It's individual machines tested in isolation that should perform exactly as legally mandated. The only kind of remote interaction there is is logging to make sure they can prove that the machine performed as advertised and to know when to empty the coin box.
You could make a rigged PRNG but the front-end software of the system (different applications) have to display extremely detailed statistics on every function and variable (payouts, money in, number of wins, probabilities etc) and that code will have to be open source. The only upside to interfering with the PRNG would be being able to predict the winning moves based on whats on-screen (assuming whats on-screen is derived from the PRNG).
The actual slot machines themselves are unexpectedly secure. But the back-end environment is usually a total mess. The aim of the admins is to make sure no-one gets to the back-end environment and that's achieved through heavy use of CCTV and port-security on switches.
I remember like 20 years ago on the internet there was a lot of cool video/audio tech always being created and it was funny because it didn't really make sense at the time given bandwidth - but everyone joked it was the porn industry pushing all that money/development (fk, even my dad said that once - ok ok I think I turned out ok). It's funny how we get where we get.