I MD5 all passwords and the like. But you can't do a great deal with credit card information if all you have is a one way hash. Sort of defeats the purpose of storing it in the first place, no?

I like the cookies idea, but what if the end user clears the cookies or they expire? *scratches chin*