If you are making channels to make money, then securing your users' financial information ought to be high on your list of priorities. HTTPS is alright for transactions, however, to give the keys away with the store relying on the serial number, mac id, or other static information that can't be wiped from the device itself is stupid. Maybe you should add a disclaimer stating that their credit cards and identifying information will be permanently attached to their roku device - I'm sure letting them know would be appreciated.
