>Hi Marcia,
>
> This whole incident raises a much bigger issue that people here should probably be concerned with.
>
>1. Do the admins here have access to the usernames and passwords created by users.
>
>2. Is the same security used for the credit card information being used to pay for peoples accounts?
>
>I think michel had better deal with this before it becomes a real issue....
>

You bet. I am currently consulting with a company in the credit card industry and can tell you Visa and MasterCard have stringent new privacy and security requirements for any merchant who accepts their cards. A merchant found to be in violation of these requirements can not only be dropped as a merchant -- i.e. no longer be allowed to take Visa or MasterCard -- they are also subject to hefty fines. I heard a rumor (unsubstantiated) at work not long ago that the Chipotle restaurant chain may go out of business due to fines pending for not adequately protecting credit card data.