writing your own checkout and integrating authorize.net is bad bad bad bad bad, did I mention bad?
Please expand. If you don't store CC information on your server and use A.N.'s best practices (and their examples as starters,) force SSL on all checkout areas, more information is needed to define why it's bad. It's exactly what existing cart software does.
The PCI compliance scans apply to existing shopping cart software as well, and a non-compliant server will cause the scans to fail just as easily. If you host the site in a PCI compliant environment, securing a script to pass a PCI scan is not all that difficult (and makes a more aware coder out of you.)
Of course, the cheap and cheesy solution is to just pass the customer to the Authorize.net payment page on checkout.
First, storing CC is not just the issue. Accepting and transmitting CC data is also considered high in PCI terms.
PCI is not just about the server anymore, your cart is required to be PA-DSS certified. Getting PA-DSS is not cheap from what ive heard.
"PCI-DSS (the PCI’s own Data Security Standards) now requires that applications be PA-DSS validated as well. PCI standards include the transmission of data using SSL encryption, protecting cardholder information, and creating and enforcing strict security policies."