Can CodeIgniter be used?
#1

[eluser]Mortred[/eluser]
Can CI be used to handle a mission-critical portal that uses sensitive information (connecting to bank APIs, PayPal, Amazon gateway, etc.)?

I mean, security-wise, I think CI currently has my vote in the search for a PHP framework. We are currently looking for other frameworks that can be used.

Our proposed project will be heavily focused on e-commerce. Here are some of the features:

1.) Product payments using credit cards
2.) PayPal payments
3.) Bank to bank transactions

Help me out, guys. If possible, can you give some tips to beef up the security on CI?

Thanks!
#2

[eluser]obiron2[/eluser]
The short answer is...

If you could do it in PHP then you can do it in CI.

For secure applications you will need to use HTTPS and get a valid certificate.

Your backend (i.e. server) security is dependent on how flexible your hosting service is with regard to allowing you to put files and set CHMOD permissions, opening ports, thread monitoring, etc. If you are really serious about security you should be renting a dedicated server that you have full control over.

For payment gateways (Amazon, PayPal, Protx, etc.), they all have APIs that can be used with PHP. The advantage of using CI over naked PHP is that much of the work will already be done for you in libraries (look in the wiki) and you can piggyback off work other people have done.

Again, to emphasise, your application security is only as good as your coding and business rules. Your server security is only as good as your server configuration. Make sure hackers don't have access to your root and above all, if you are storing financial data in a database make sure it is encrypted; better still, have it stored by a third party and simply store the authentication token.

Remember PHP is not a compiled language, so if someone steals your code, they can work out the system vulnerabilities. This is a limitation of PHP, not CodeIgniter.

Obiron
#3

[eluser]llbbl[/eluser]
CI would work great. Just make all the same security decisions you would as if you were programming without a framework.
#4

[eluser]Mortred[/eluser]
Thanks for the input guys. We really appreciate it.



