I still don't fully understand why everyone is saying that X-Payments would be the only approach to fixing this other the BCSE building a Authorize.NET module.
Does X-Cart's NEW Braintree Module (
http://www.x-cart.com/braintree.html) not provide the same type PCI DSS Level 1 compliance that it needed?
http://www.braintreepayments.com/services/pci-compliance
We use this and love it. You can't beat the technology of Braintree, $300-ish module cost, being able to store credit card information in their Vault feature. It's great.
A side not, I personally think that X-Cart's service is un-matched and their dedication to our stores success (including integrating Braintree) has been amazing-- from working late, to chatting via Skype.