Even more scary is that some of the same developers who store passwords in plain text are storing your credit card information.
Years ago, after failing to talk a client out of storing credit card information in the first place, I did a lot of research on how best to secure it - knowing that his hosting environment was going to be, shall we say, inexpensive. Scary stuff, and not a responsibility I wanted.
Every time we code these things we’re betting that no hacker on the planet is a better programmer than we are.