PCI Compliance is a tricky subject. It has as much to do with how you configure the server as the software used to create the site. How you use that software will also play a role.
One thing eCart offers is flexibility, that flexibility can be twisted around to create a site that is not PCI Compliant, you _could_ set it up to store the credit card data into the order table, or even send the CC number in the receipt email (any body reading this should note that this is a very bad practice, Do not try this at home!!).
even after creating the store, it is possible to deploy it on the server in a way that is not PCI compliant. For example: If you select to use a local cehckout method, and do not install an SSL certificate on the server.
With both Power Store and eCart, it is not difficult to deliver a PCI Compliant store, the keys are:
-Never store credit card information to your database or send it through email (Power store wont do this)
-always Use an SSL certificate if you are using a Local Checkout option, local checkout is when the site visitor enters the credit card number on the checkout page on your site
