Bad security?
That reads like both the passwords and the credit card information were reversibly encrypted.
That's needed for the credit card but should not be done for the passwords - they should be one-way hashed.
You check the input password by hashing it and comparing the hashes, you should never be able to retrieve the original password.
And these days, with so many reported breaches, you should encrypt everything. They already have all the code set up so it would be trivial to encrypt the email addresses as well. I'm not sure about best practice for the user name, I'm not a security expert - but encrypt everything else.