The first thing you should understand is that our WebStore feature is not currently a general purpose ecommerce solution. It is suitable for selling some download products but does not have shipping calculations so it is not really built for shippable products yet and overall has a very limited feature set. I use it on this site to sell my add on products on this site and I share the feature with others in case it might be enough to meet their needs. Eventually it will evolve to a more feature rich solution, but it is not there today. So PCI concerns aside it may not be/probably is not suitable for your needs at this time.
I "think" PCI compliance is mainly a concern when directly processing credit card payments within the site, ie using Authorize.NET or PlugNPay, whereas those who use only PayPal and Google Checkout, the processing of payment happens at the paypal or google servers and we collect no credit card information and are not directly involved in processing the payments.
I can also say, that I followed the best practice guidelines provided by Authorize.NET documentation and other related documentation from Visa, and I think we are probably in compliance since we do not retain any credit card data in the database at all. The user enters the information in a page protected by ssl, it posts to the mojoportal server and from there a secure server to server web request is made to the gateway (ie Authorize.NET). We do not keep the credit card number nor security codes anywhere. We only keep auth codes and transaction ids.
Hope it helps,