There's no two ways about it. If you don't take reasonable care with your users sensitive data, especially things like passwords, security questions, credit card information, etc. then you are an completely incompetent unprofessional hack and also a creep, a jerk, and a generally miserable person to boot.
That means you don't store passwords in an unhashed format (plaintext or encrypted). You don't store credit cards at all unless you've can't find any other design options. And if you do store them, you take great pains to meet or exceed reasonable standards (like PCI) for storing them safely and properly.
This is vastly more important than what language or framework you use. Vastly more important than whether you use CCS or tables. Vastly more important than whether you use a SQL database or a hip new RESTFUL key-value store.
This is about trust. This is about integrity. This is about professionalism. Are you trustworthy? Are you a professional? Then do the right thing damn it!
That means you don't store passwords in an unhashed format (plaintext or encrypted). You don't store credit cards at all unless you've can't find any other design options. And if you do store them, you take great pains to meet or exceed reasonable standards (like PCI) for storing them safely and properly.
This is vastly more important than what language or framework you use. Vastly more important than whether you use CCS or tables. Vastly more important than whether you use a SQL database or a hip new RESTFUL key-value store.
This is about trust. This is about integrity. This is about professionalism. Are you trustworthy? Are you a professional? Then do the right thing damn it!