You should always use as much security as you
can. There's no such thing as too much.
So besides choosing the right database, I
recommend some sort of two-way encryption of any
sensitive information. There are a variety of
methods to accomplish it, and you'll want to choose
one that works well in your situation.
One example that I've used takes advantage of
a randomly generated password that unlocks each
individual order on the site. Without that password,
the credit card number is junk. However, we still
make it possible to see contact information just
in case someone loses the password for that order.
Because there's only one person involved in
receiving the orders, it's quite practical.
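
The per-order password scheme described above, sketched as an added example in Node.js (not the author's code). It assumes scrypt key derivation and AES-256-GCM, which the text does not specify; the function names, record layout and sample order are constructed for illustration.

```javascript
const crypto = require('crypto');

// Randomly generated password for one order (128 bits, hex encoded).
// It is handed to the person who receives orders and is never stored with the record.
function newOrderPassword() {
  return crypto.randomBytes(16).toString('hex');
}

// Derive a 256-bit key from the order password and a per-order salt.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Build the stored record: contact details stay readable, the card number is sealed.
function sealOrder(order, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  cipher.setAAD(Buffer.from(String(order.id))); // bind the ciphertext to this order id
  const ct = Buffer.concat([cipher.update(order.cardNumber, 'utf8'), cipher.final()]);
  return {
    id: order.id,
    contact: order.contact, // still visible if the order password is lost
    card: [salt, iv, cipher.getAuthTag(), ct].map((b) => b.toString('base64')).join('.'),
  };
}

// Recover the card number; returns null when the password is wrong or the
// record was altered (GCM authentication fails in both cases).
function openCard(record, password) {
  const [salt, iv, tag, ct] = record.card.split('.').map((s) => Buffer.from(s, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  decipher.setAAD(Buffer.from(String(record.id)));
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample order using a well-known test card number, not real data.
const samplePassword = newOrderPassword();
const stored = sealOrder(
  { id: 1001, contact: 'jane@example.com', cardNumber: '4111111111111111' },
  samplePassword);
console.log(stored.contact, openCard(stored, samplePassword), openCard(stored, 'wrong'));
```

Losing the order password makes the card number unrecoverable by design, while the `contact` field remains available for following up with the customer.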