https://www.reddit.com/r/webdev/comments/51h32v/question_abo...
I'm entirely confident someone in that company felt PCI was a non-issue because they were to "use stripe". It's certainly not a safe deployment however.