So would be SaaS be a good (or better) alternative to this hack or security vulnerability fiasco? In my mind the SaaS from CS-Cart would have the same problem, but wouldn't whomever the SaaS was through be taking care of the server, hack, etc. To be honest I have lost some confidence in CS-Cart, but then I remember that Target, Ebay and some other pretty big players have also been hacked. The main thing I know is this is having a pretty negative affect on sales. Not just because we have stopped most of our advertising, but because something appears to have happened back in March that DRASTICALLY affected sales too.
SaaS would probably have improved the reaction time for all merchants using SaaS since once the issue was identified, it could basically have been addressed in one swoop. But on the other end, until it is detected, it can affect lots of customers with one invasion… Tit for tat. Do note that this attack was not initially identified by cs-cart but by an alert developer who caught it and brought it to their attention. In a SaaS environment, that developer would not be involved so there's no telling how long it might have gone on until detected.
There are no sure-fire solutions. Software is “soft” for a reason and as long as developers are human, there will be other developers who will learn how to exploit a system.