I got the same thing, although, because I own my own domain, I can use meaningful email addresses, so theirs would be wemoto@mydomain and I can always change the address and filter any spam sent to the old one.
If your card details are compromised by a data breach, you're not liable for any losses, because it wasn't you who were careless or negligent with them, the only hassle would be getting new cards.
PCI-DSS standards are actually very strict when it comes to storing card details, so any company that does is going to have some serious questions to answer from the card processors!