The point is not that it can't be done securely, it's that they don't want the hassle of being responsible for a large amount of sensitive information. By not storing the information in the first place they can guarantee that they won't be hacked and have their customers data stolen.