What about the requirement that any code that touches CC payments has to be PCI compliant? Doesn't these leave only PayPal and Auth.NET as the only option for smaller players?
If you use an API like Braintree's Transparent Redirect ( http://bit.ly/d5wD4P ) you can host the payment form on your site without touching any credit card data. That way you won't have to deal with the drawbacks of redirecting your customers to a third party hosted page. Disclosure: I work for Braintree.