Maybe. It has been downloaded over 500,000 times (availability at 50+ FTP sites means it is unknown how many more times than that) with no reported system security problems. It uses the Perl Safe.pm module for user-embedded Perl subroutines and conditionals to make use of those pretty carefree.
However, there are definite potential problems with credit card number security that can be avoided:
Unencrypted credit card numbers stored on disk.
If you don't use MiniVend's encryption capability for encrypting credit card numbers, or the real-time payment (CyberCash, etc.) interface, then there will be unencrypted credit card numbers present in your session database files.
If your system is the target of a break in, then these numbers would be available to any user ID that can read the session files.
This is the reason MiniVend defaults to read/write permission for the MiniVend user only.
Unencrypted credit card numbers sent via email.
The same things apply for orders sent via email. If it is not encrypted with PGP, then it is at risk.
The default demos also store the orders in the file etc/tracking.asc, so you should check there as well if you want to scrub existing credit card numbers on disk.
Running in INET mode from another machine.
If you are using INET mode, and the transmission is going via the network to another machine (i.e. not localhost), then you should be possibly concerned about which wires your SSL-encrypted data is traveling over. You should be behind a firewall, firewall router, or at least some sort of spoofing-protected filter.
Running SQL databases without WRITE_CONTROL or other permission blocks.
It is possible to enter arbitrary SQL in some search definitions. Though MiniVend tries to block non-select calls, this is not bulletproof. It is best to have certain tables be read-only for MiniVend, i.e. no insert or update permission. For tables that must be updated (i.e. userdb, transactions, and orderline) should use the WRITE_CONTROL capability and the NoSearch directive to protect them.
The bottom line is that security needs to be your concern. MiniVend tries to warn you and provide means for protecting customer data, but it can't stop you from doing all unwise things. The author stands behind the license for MiniVend and disclaims all responsibility.