Go with the SSL and IP (you must have the IP to use the SLL, it’s not optional).
You can buy the cheapest SSL, no need for anything more.
You should also run your WP admin on the SLL.
HIGHLY recommend you not store any credit card info on-site. Major liability that you want to avoid at all cost, plus meeting PCI compliance is not easy.
Also, WP-Ecommerce sucks big time! Horrible support, among other issues.
BTW, every month we clean up and secure hacked WP sites that used SiteLock. So don’t believe the hype, SiteLock does not stop WP from being hacked.