So, assuming I have the checkbox for “Allow us to save your information for next time”, and we create the Customer record, and then we have the checkbox for “Allow us to save your credit card info for next time” and we create a Customer Card. I’m assuming that’s all stored nice and securely on Square’s servers. My confusion comes the next time the user comes to our site and we say at the beginning of the checkout process “Sign in to use your previously-saved info and credit card!” - I ask them for … their e-mail address I’m guessing, and then using the Customer API I can search for that e-mail address and get the Customer record from there, and charge their card on file … but isn’t that completely insecure? All I have to do is know the email address of my friend and know that he shops at our store, and I can begin charging things to his card… What am I missing here? I would have expected some level of security around this customer information, and there are things in the documentation about customer records being merged automatically, I’m not sure I understand that aspect of it either … please point me in the right direction!