I could have sworn I read some actual literature about this and the threat was much, much lower than most were making it out to be. Essentially, PSN uses SSL, which is pretty secure, but not impossible to crack. Your credit card # is sent unencrypted beyond whatever means is involved in SSL, but it's still protected by that.
If you are someone who has used homebrew on your PS3 to install custom firmware, however, there's a loophole one must use in order to buy from the PSN store, and that loophole, IIRC, either prevents the use of SSL to transfer your data, can be modified by whoever supplies the custom firmware to reroute where your information is being sent, or both. In essence, yes, Sony does collect a lot of information about its users using the PS3, but the security issues aren't such a big deal for non-homebrew users right now, aside from the fact that hackers have figured out how to ban a PS3, so long as they have the console's ID number.
At least, that's what a thread on NeoGAF was suggesting, which was what I read when some site reported the same information here, and someone responded saying the story didn't get the facts straight, and linked to the GAF thread, to which I no longer have a link.