Yes and no. This is another area that has been unfairly exploited by the media. There are certain precautions you can take to ensure safety when paying for a product online. The advent of secure servers stands to change the way commerce is conducted on the Internet. The server is the primary connection to the Internet at your service provider's location. Secure servers use encryption to ensure that anything that might be intercepted would be useless, as it would be scrambled. If you're accessing a website stored on a secure server, there will be some indication, which varies from program to program, that shows it's secure (Netscape Navigator, for example, has a broken key in the lower left corner for non-secure servers, unbroken for secure).
One thing to realize, however, is that you really aren't that much at risk if you transmit your credit card number through a non-secure server. Here's what someone would have to do in order to steal your credit card number from an email message: they'd have to intercept the single message that contains your information at the exact right time. Chances of that actually happening are low.
In fact, after doing some independent research, I wasn't able to find any instances of this happening. The credit card thefts that have occurred over the Internet have been mass thefts from banking and online service computer systems that contain databases of customer information. Wouldn't that make more sense, anyway? If you were a thief, would you rather spend a large amount of time trying to intercept individual emails, or spend a short amount of time accessing a single source where you could get hundreds or thousands of card numbers, all in one shot? True, criminals aren't always logical, but most of them want to do as little work as possible.
What it boils down to is that sending your credit card via email probably is no riskier than giving your information over the phone to an operator at a catalog company. After all, someone could be listening in on the phone call, or the person at the other end of the line (or someone else in that office) might be running a credit card fraud business on the side. Secure servers just enhance the safety.