Passenger profiling enables the Transportation Security Administration to target costly inspection effort toward passengers that have an incentive to attack. On the other hand, critics point out that attackers may game the profiler by manipulating their attributes and behavior, making the profiler ineffective. We examine how passenger profiling impacts airport security operations when the profiler is vulnerable to gaming by attackers. We consider the no-profiling setup and two profiling setups. In the no-profiling setup, all passengers are sent through a screening device, and those that raise an alarm are physically inspected. In the first profiling setup, all classified attackers are physically inspected and classified normal passengers are sent through a screening device, and those that raise an alarm are physically inspected. In the second profiling setup, every passenger, regardless of the profiler's classification, is sent through a screening device and those that raise an alarm are inspected, but the screening devices are configured differently for classified attackers and classified normal passengers. We find that, regardless of the profiling setup, the optimal profiling setup performs at least as good as the no-profiling setup on key performance measures such as total expected security cost, inspection rate of normal passengers, and attacker detection rate even when the profiler is vulnerable to attackers' gaming. The benefit from profiling increases if the profiler becomes less vulnerable. Although neither profiling setup dominates the other on these performance measures, we find that each setup has different desirable properties.