Still I think there should be a discussion about 3rd party checkouts
What do you consider 3rd-party checkouts? Ordering through Coinbase Commerce would be a 3rd-party checkout, for example, right? Paying the company directly from my wallet to theirs isn't in that case. Most HW do the former.
Places that use shopping cart software that is hosted / run by someone else.
A store can run WooCommerce or PrestaShop or Open Cart or Zen Cart or many others and the cart information never leaves their server. Name / address and what I bought stays local to them. Picking on Keystone since they are the ones we have been talking about they send all that info to a 3rd party to handle the cart.
Coinbase Commerce is a payment processor. Some want more info then others. But keeping it internal by running something like BTCPay is still better.
Just thinking that since this is about privacy and data leaks it is worth a mention.
The counterpoint is that if Shopify does get hacked (again) it makes the news, due to the size and nature of who they are and what they do. If some business is hosting it themselves and there is a data breach, if they don't find out about it or tell people about it we may never know that our info is out there.
-Dave