I agree and disagree with this. I think it is safe overall. At least as safe as any brick and mortar store.
Can most sites be hacked? Yes... Can most physical buildings be broken into? Yes... In fact I would argue more people have the skills to put a brick through a window and take whatever they want then there are people who have the skills to break into a site's DB.
Really it comes down to what info are they keeping? What is available to be taken?
I don't keep anything as far as credit card numbers or anything. There is no reason to at all other then convenience of the vendor.
All you could get from my DB is some purchasing patterns and contact info. Nothing you can't get from a phone book though in most cases.
Shop with me... you are really safe.