[Disclaimer I work for an hotel chain]
- Booking transmit your credit card number and CVV unencrypted to the hotel. I don't understand how could anyone use this site.
Probably not much less secure than calling and giving your CC to a person jotting it down or emailing with the same details. Most of the hotel custom booking forms look like '90s HTML3 pages so the alternative is usually not better anyway.
It's unfair to compare Booking.com which is the largest adwords buyer in the world to small indie hotels.
Let's contrast this with Expedia which have a single use virtual card for each customer.
Why can't Booking do the same ?