@David: PP standard works just fine on this site:
He has something like 2,500 products on site and his sales are healthy.
You'll see that he alsp has a non-PP option - this is a good idea. Some people much prefer using Paypal, while others hate it (or still think that you need to have a Paypal account in order to use it).
@Jeff: it is my strong impression that the difficulty of achieving PCI compliance depends on where you are. Here in the UK it is perceived as quite difficult and something for "the big boys" - airlines, ticket agencies, and so on. I've discussed it many times with fellow UK developers and we are unanimous in our advice to customers - unless you have a large monthly budget in place to handle ongoing security audits, let somebody else deal with handling credit card numbers.
Secondly, the fact that wordpress plugins are GPL and hence open source doesn't stop many of them being very poorly coded and a constant source of exploits:
As I said, I will *never* knowingly enter my card details into a wordpress site, and I don't understand how anybody thinks it's a good idea to let a wordpress site handle credit card details, even transiently. Even if you, as a responsible developer, have personally scoured every single line of code at the time of installation, there's nothing to stop the site owner deciding that the front page needs a new image widget or something that happens to use an old version of tim thumb - as above.