As we posted prominently here on the forums and elsewhere, nearly the entire company spent the past two weeks scrambling to get ready for GenCon, at GenCon, and then digging out after returning home from GenCon. So nobody has been actively monitoring the forums for new members that required approval of their first post. Due to major issues with spammers in the past, we long ago switched to requiring that first posts be approved by a moderator, but there was nobody to see and approve your posts this past week. Your timing was just right - in the exactly wrong way.
To answer your questions...
Our bank and credit card processor are both among the largest in the US. We've been with both for almost 20 years now, and we've never had any issues with either during that time.
Your credit card information gets captured and transmitted by our server, but it never actually gets stored on our server. We pass it directly through to the credit card processor and only store transaction codes given to us by the processor. So there's nothing kept on our server that can be compromised regarding your credit card details.
Even though we don't keep any credit card details on our server, we still strive to maintain PCI compliance. Just out of an abundance of caution.
You mentioned phone numbers, so I'll comment on that. We ask for a phone number so that we can resolve any issues that may arise for users during the purchase process and immediately following. Either a work or personal number will suffice - we only need one of them. Over the years, having the phone number has been invaluable on a regular basis, especially with chargebacks. The number of wives/mothers that I have personally spoken to regarding the uncommunicated purchases of our products by their husbands/teenagers is astounding. Once they realize it's for "those games they play", everything is fine, and it avoids the complications of terminating licenses/accounts for everyone involved.
Information like names and order history are neither encrypted nor salted, as we need to be able to quickly look up account information using those details for support queries and the like. None of that information is typically considered sensitive, so I assume that's not your concern. You're probably referring to identifying information that is typically captured with credit card payments, which we don't store anywhere. That said, passwords and similar types of information are absolutely encrypted and salted.
Hope this helps!