The concept of people unbanning themselves/getting others banned is scaremongering at this point. We don't even know on which criteria Sony would ban, but simply getting a legit console ID isn't trivial; they can't brute force that. They'd have to get them from somewhere, and that cannot be from OFW users because those don't know the ID to be able to give it away, nor can they run unapproved code to have it stolen from them. Then the username... these things still have passwords. Making your PS3 broadcast someone else's email/nickname isn't going to get you logged in; the password is verified on Sony's side.
IP bans are not completely efficient since a lot of people are on dynamic IPs and banning ranges would lead to banning people simply using the same ISP. Then there are also proxies and VPNs.
As for the credit card info being sent unencrypted, from what I understand - it wasn't. It's sent via https, and the only time it wasn't actually encrypted was when people bypassed the PSN login version check by directing their connection to a fake SSL certificate. Maybe it's possible to further secure that data, but for people simply using their unmodded PS3 it's safe.







