I agree, we shouldn't be optimizing for the case where a child steals a credit card. That's just not in the threat model. I mean, they could steal IDs too, and children can already steal credit cards and buy, like, vbucks or whatever. Which probably causes more tangible real-world harm than seeing a pair of boobies or whatever we're trying to protect against.

However, I still think credit cards are overkill. They reveal way too much information, including addresses. I wouldn't trust most companies with my credit card either, at least not online. In person it's different, the scanners are secure especially if you use tap to pay. But online, you just have a pinky promise that your info isn't being stored.

Frankly, I'm getting sick and tired of being put in the situation where I have no choice but to just blindly trust people to do the right thing. Obviously, it's not working, and we need real solutions.