1. Authorize.net requires SSL
  2. Credit card details are collected after the review page. (i.e. payment is done after reviewing the customer's details)
  3. Drupal payment modules accept credit card information and transmit it, but do not store it. Drupal payment modules only store an authorization code
  4. Billing/shipping address form fields don't have any validation (i.e. city should contain only text, etc.)