I ended up grabbing Tony Marston's encryption class for use in core (it's GPL and has no external dependencies). As I was reviewing the credit card settings to figure out where to put the encryption settings, I realized that the last few fields can be used to take care of the sort of "leftover" cc numbers described in the above 2 posts. Just set the order status to wipe to "In checkout" and put the time limit to 1 hour. Is there a problem with this?

Also, as we move forward, I'm considering the fact that including configurable messages in settings forms has led to problems with multilingual sites. Does anyone alter the failed CC message or can I just make that a default and remove that textarea? It would still be editable through translations/localization.