So you can't even fathom a scenario where an order is fulfilled without the payment going through, causing a huge amount of losses? Or leaking private data which is a huge deal in a post-GDPR world?
If you separate ordering, invoicing, and delivery, it is impossible for that to happen.
As for leaking private date, now you're in the territory of some hackers having access to reading RAM memory. Which I guess is a possibility, but not something that every business in the world needs to concern themselves with.
If you call your local auto dealer and say you want to buy all their cars, don't you think they have some process stopping them from just sending all their cars to your adress? A hacker could make that call, you know...
