A good thing to practice is to throw your WHMCS directory, support software and live chat software onto a subdomain, and place the SSL cert on that subdomain. This way, your clients info is protected when being transfered. Its not just their credit card info you want to protect but their names and addresses and such. If your transfering passwords through support tickets, again, protectd by SSL.
what scared me when reading this is that you feel that securing information is not that important from the offset, first thing to do when setting up a site that collects any user info is to secure it with a good ssl cert, without ssl your link between whmcs and paypal is not secured. then there is also the fact that if you wanted to use google checkout and dont have an ssl cert it wont work
If you need help about anything to do with WHT, check out the Helpdesk