How simple sysadmin was in 1994 with no cryptography on any protocol. Everything could be easily MITM'd. Your credit card number would get jacked left and right in the 90s.
Not in '94, sure. But a couple of years later it was common and SSL was still uncommon, for a bunch of reasons, and also everyone was storing the card numbers in plaintext on their servers too.
Telnet was sniffed. IRC was being sniffed and logged.
Yes, I worked on some early ecommerce sites. Often, we'd accept credit cards with SSL and then send them out with email (plain text SMTP) to the customer, for manual entry. Very secure.
And your mailman can also just open your letters. So what, it mostly doesn't happen in developed countries. Not everything needs an airtight technical solution, we have way less costly ways to deal with unwanted behavior.
