I'm not defending Apple here. But I think the logic is, if you rightfully bought the card then nobody but you should be able to activate it. So the first person activating it is legit, and a second person attempting to activate it is necessarily trying to engage in fraud, having stolen it from a trash can or something.

But this breaks down for the reasons described, that thieves get the code before you do and manage to spend it first once the cashier activates it but before you get home and actually use it.

So maybe that's new and Apple hasn't updated their scam detection logic? It's the only thing I can think of.