You have to get the check to a piece of trusted hardware for it to not be permanently bypassable (aka, not the device) by a jailbreak style hack of the storekit libraries.
The check HAS to be done off the phone for the hack to not be global and ever available.
Well, in this case there's no jailbreaks involved, so no code modification or patching. Obviously if you have root access on the device you can do "anything"; the "non-JB-ness" of this hack is what was particularly intriguing.
(also, if the ipa contains all data required for the IAP to work, a jailbroken device stands no chance -- any server checks could simply be NOP'ed out)
You have to NOP each program, as the code to check each program against the server (which is written by the 3rd party developer, which then talks to apple server), which is significantly more effort than if the verification with the apple server occurred on the device.
The check HAS to be done off the phone for the hack to not be global and ever available.