Depending on what payment system you allow to your visitors, Magento sends the credit card number openly by email, which is not secured at all. Here is a Magento tip to avoid displaying that info in emails.

 1. Open the file app/design/frontend/default/your_theme/template/payment/info/cc.phtml

 2. Find the lines that read: <?php echo $this->__(’Credit Card Number: xxxx-%s’, $this->htmlEscape($this->getInfo()->getCcLast4())) ?><br/><?php echo $this->__(’Expiration Date: %s/%s’, $this->htmlEscape($this->getCcExpMonth()), $this->htmlEscape($this->getInfo()->getCcExpYear())) ?>

 3. Comment this code out, so it looks like this: <!–<?php echo $this->__(’Credit Card Number: xxxx-%s’, $this->htmlEscape($this->getInfo()->getCcLast4())) ?><br/><?php echo $this->__(’Expiration Date: %s/%s’, $this->htmlEscape($this->getCcExpMonth()), $this->htmlEscape($this->getInfo()->getCcExpYear())) ?>–>

 4. Save the file.