Keep in mind many stores use a central server for orders from another company. AnimeNation is a prime example. All their orders are handeled via stores.yahoo.com. Many smaller online sites do this to get the security without the cost.
And as far as my credit card number and the internet, I'm more worried about the person at the store writing down my number from the reciepts then I am someone intercepting my card on the internet. Or worried about insecure databases. From a hacker perspective, it's worth it to go after the database with thousands of cards for a little more work then intercepting my one card number. That is why I like billing systems held off the internet. My company has a massive internal server with all the CC numbers, but it can only be accessed via internal computers with certain intranet IP's. The web gateway is watched and secured very carefully, and the gateway is a one way path for billing information.
My empeg site is:http://24.236.3.131/empeg/