This is in contrast to most OTAs in the US that are on a merchant model where they charge your credit card and have a pre-agreed upon net rate they pay for rooms to the hotel. This means the hotel has no idea what your credit card is or how you paid, just that a paid reservation with their partner was made.
This isn't very different than calling up a hotel and providing your credit card number and CVV / Expiration date on the phone to make a reservation. Only difference is that they sent it electronically.
Still, there's no notice of Booking.com sharing your data. The fact that hotels print it out and leave it at the reception is again another problem, though not entirely Booking's fault.
I still wonder why they chose to work like this, seeing as it's so easy to implement an authorization process without sharing card data.
I see that they're starting to shy away from requiring card details, which is a good thing.
Hotels might as well shoot you an email or call you to confirm - in fact, I think that would make for a better experience.