by cottsak 3324 days ago
Apparently it's as safe as entering credit card details into another online merchant's form who is PCI compliant. https://support.docusign.com/en/answers/00004343

It doesn't really spell out, though, how they differentiate CC info and avoid storing it with the rest of the data in the PDF form. There's just some hand-wavy language about "Bank-grade Security". I suspect this means they store the CC data, which would be significantly different from how most online merchants operate.
As someone who has worked on a similar product, I would imagine they only store a token given to them by their payment gateway. The actual CC information is held by the PCI-compliant payment gateway, while DocuSign can use the token to charge a card without storing compromising information.
Would be good if that were spelled out though. From the outside, you click a link and see a pre-filled PDF, as both the end user and the person that sent the form. There's no obvious magic that it's auto-detecting CC-like data and storing it differently than the other fields in the PDF.