
Does "You are only as strong as your weakest chain" mean anything here? It seems like the letter of the law here is not expressing the intent of the law. Sure, Part 3 didn't explicitly mention "don't store it on a client machine", because it's such a stupid thing to do that there wasn't a point to expressing it. Doing such a thing completely undermines the entire PCI documentation, because who cares how it's stored, transmitted, etc. at the trusted source if it's written out to significantly less secure sources? Just go steal it from the least significant secure source. I fail to see how this language argument has any real point.

