Most attacks are going to be against the database server itself, not the scripts. So I'm not sure what the privilige seperation buys you in this case. If the CCs aren't encrypted in your database, they're vulnerable.

Personally, I never want my CC to stick around in someone else's database, except for my bank, and only then because they must have it. Amazon's "One-click Shopping" isn't just a dumb patent, it's a dumb idea to begin with. Really, is it such a big inconvience to type your CC number back in? Considering the security you gain by not saving your CC num, it's a very small price to pay.