Those things would go in the TOS and be highlighted somewhere in the sign-up process, to avoid confusion by someone who thinks they might be ok. In any of my cases, there would only be the usual 3 or 4 things to prohibit. Fraud, pron, email spam, copyright infringement, hate sites, etc - all determined and defined by the program manager at will. Depending on the nature of the program, payments/sharing with end users would be looked at.
I definitely see your point.
With fraudsters, you really never know until sales start coming in. Presumably, fraud prevention is included in that step, and then taken a step further by no affiliate payments until merchant payments are secured. You could even lag that if you wanted.