09-08-2006 21:33
On both the blog post and the email that was sent out you mention that there is in fact unencrypted payment information stored on a different system. I find it completely unacceptable that ANY payment information is stored unencrypted. Again, due to the lack of information in the email and blog post, such as key length, I have to assume that the encryption that is used for passwords and payment information that was 'potentially' accessed (meaning was accessed) is rather weak. While I understand that encryption in general is not completely unbreakable, the simple fact that you reset all the passwords doesn't make me feel very safe regarding payment information. I would like to know what plans you have to do away with unencrypted payment information of any kind in the future, and more specifics on the strength of encryption used for payment information in the database that was compromised, and if you are considering encrypting personal information as well? I see no reason for some of this information to be available via any webserver in the first place, and since a lot of it is low-usage data, there is no excuse to leave it stored in plain text. And yes, I realize I'll just be told to watch the blog for updates, but I feel that more information needs to be shared with the users so we can figure out the best course of action regarding personal information and payment information.