Not to make you any more paranoid, but the https security only encrypts the data sent between your computer and the server. It says nothing about how your credit card info is stored on their servers or what becomes of it after the order is processed. I have seen some sites that just take take the credit card info and send in plain unencrypted text as an email (bad). Others will store the credit cards unencrypted in a database (worse). I even came across a site that was storing the orders with the credit card info in a text file which any hacker person could discover by looking at the source code for the order form page (OMG!). Scary stuff! This last one was on a local community college web site that was offering web development classes
As a web developer, I know how hard it is to create a water tight security protocol. Big online stores and banks devote teams of people and throw a ton of money at this problem and still get cracked sometimes. So anytime I order from a site that isn't Amazon, or another reputable seller I pick up the phone and place my order. If a store uses Paypal, I'll use that as it puts the security burden on Paypal and the store never gets my credit card info.
For the KH Knit Shop, we just pass the information directly to the merchant processing gateway. We never come in contact with the credit card number. We let the bank's servers handle it.
I also work for a web hosting company and you'd be surprised at the number of fraudulent orders we receive from scammers using stolen credit cards. They are obviously getting these cards from somewhere, and most likely it's from sites with bad security practices.
So think twice, even when you see the https://. It's easier to pick up the phone and order than it is to deal with identity theft and all the problems that can occur if thieves get your info.