Yes it is plus a very bad idea anyway. If the database were to be hacked then there would be all kinds of information for the hacker to use. If someone buys credits or subscription on my site all I get is a transaction ID from Paypal and date it was bought and all that...