Saving your credit card information is not necessarily a violation. Many websites do it.
In reality right now nobody really knows how all the other 600 or so retail Registrars are handling customer data and its storage.
Brad, I consider you to be a fair and professional member of the forum and as such wouldn't you agree that as we are holding Epik accountable for some of their actions (or lack thereof) but that it's equally important to do an Industry wide inspection of all the security and business practices of all the other Registrars and Registries at this time.
If the goal is to protect the customers (the Registrants) don't you think that there should be some kind of uniform standards and protocols when it comes to keeping customers data safe and don't you think that ICANN should immediately implement certain safeguards across the board to make sure that the situation with Epik doesn't occur again in the future with any other Registrar.
We need to hold Epik accountable but if the goal is customer (Registrant) safety and security then focusing all our attention on Epik and ignoring all the other 600 or so retail Registrars doesn't sound very smart.
Logic says that we should use this as a learning experience to fix the whole Industry.
IMO