Big payment processors like Stripe are storing your full credit card number forever whether you choose to "Remember me" or not.

The checkbox is whether you want to be able to pay again without retyping it.

I mentioned in another part of this thread, the payment page as shown on the blog entry does not indicate that my CC# is stored with Stripe, rather from all appearances it appears to be stored with Kickstarter.

Now having read this thread I get that in fact Stripe is storing it, but if I hadn't read the responses to my initial post, I'd just assume Kickstarter was asking to store my CC# which I wouldn't agree to.

What Kickstarter save is a unique token, ex. da39a3ee5e6b4b0d3255bfef95601890afd80709 (not a real token, just an example).

The token can only be used with the private / public key pairs that Stripe provided to them, so even if a hacker got access to Kickstarter's database, they would still need the private/public keys to make use of the tokens.

Also, my expectations are that only whitelisted IPs should be able to access Stripe with the key pairs of Kickstarter.

Not only that. The hacker could only use the token to transfer money between you and KickStarter, not to another account. So unless they also had access to make withdrawals from KickStarter - they couldn't do anything useful other than annoy KickStarter with a bunch of erroneous charges.

Haha, I forgot to mention that.

Basically, the only important information Kickstarter gets from any card are the last 4 digits, whether it's Visa, Master Card, AMEX, etc., and the expiration date.