Its not like they're storing their customer data securely on the back end anyways. :)

actually they do, if you get to know the carts, some have there access database right in the main dir usally shopping430.mdb depends what kind of cart usally using the, and all the secured orders are available.

just a search on google with storefront login.asp

will give you results of the storefront shopping carts, another way of using google to your advantage. storefront has a sql injection typing '=' for login and pass and you will be the first user. so lazy admins dont upgrade there products when a bulletin comes out, or they dont get the proper information, and someone uses this against them they come crying. oh well :)