[proksoup]

This pretty clearly demonstrates to me the problem --- the stripe developers and management themselves don't actually understand the problem.

Patch is right, you need to be PCI compliant and Stripe (despite their recent funding) is apparently misunderstanding the problem with their approach.

And frankly, PCI compliance be damned, can ya'all not see how the "redirect to page" way is more secure.

Stripe hiding behind "our code is fine, only if you get hacked is it a problem" is, quite frankly, disgusting blame redirection.