When you buy something with a credit card, you essentially hand your credit card information over to the seller, and then the seller sends a message to Visa/Mastercard/Amex saying "Hey Visa/Mastercard/Amex! I've got Torizo's CC information right here. Torizo says you should give me money. So give me money. Send him the bill later."
That's why you can get screwed with credit cards if the seller is untrustworthy and abuses that info, or someone steals your CC info from you, or if someone steals your CC info from the seller.
Paypal works different. With Paypal, you put some money into your Paypal account (assuming you don't already have some money sitting there), and then you tell Paypal to push the money over into VGP's (or whoever's) Paypal account. VGP (or whoever) can't pull money from your account, Paypal will only ever send money based on a push from you.
That means that your Paypal account can only get compromised if the info is stolen from your side. It's much safer. And even if your info gets stolen, you probably don't have any money in your account for anyone to steal.
VGP is a small operation with bad security. They've been hacked before, and their customers credit card info was stolen and abused. And their security hasn't gotten any better since then. If you give VGP your CC info, you're basically begging for it to be stolen. Meanwhile, if nobody gives their CC info to VGP, then VGP has very little that's
worth stealing. You're protecting yourself and anyone foolish enough to give VGP their CC info by not giving VGP
your CC info.
Stick with Paypal on VGP. You can use your credit card to pay Paypal, because Paypal is a massive e-commerce company with ridiculously high levels of security. VGP is a mom-and-pop videogame store run by elderly people who are not so good with computer, but who have great taste in videogames and a willingness to put things into the mailbox.