so, it turns out that yet another commercial shopping cart application has security holes, despite third-party audit firms and an internal quality-assurance team. i actually met up with the pdg software once, and it really struck me as quite unpolished. (and how is breaking into ecommerce sites and emailing them a sign of bravado? theft seems pretty cowardly to me.)