An attacker could open the charging station up and wire the USB ports up to a mini computer (think something like a Raspberry Pi). They can then do anything on your phone that you could do with your phone plugged in to a PC, including advanced stuff like redirecting your phone’s internet traffic though the USB or making use of any security flaws in your phone to access data without having to unlock the phone.