[cautious]

My previous post was either lost or dropped. I am reposting.

On the original issue: There is no need to encrypt software for PCI-DSS compliance - unless there is a hidden agenda to make difficult user mods and 3rd party mods.

Regardless of whether or not the underlying software is obfuscated, if you save a customer's credit card # and the CVV/CVV2 then you're not compliant. I have read policies that claim security and therefore compliance because they claim to delete these data after 30 days from their database.