Like @gambitking mentioned, it actually varies from merchant to merchant.
Each retailer (online or not) has to follow certain rules as part of their agreement to participate in the credit card networks. For example, here’s a portion of the operating rules that merchants must adhere to for Visa: http://usa.visa.com/download/merchants/interlink-operating-regulations.pdf.
Furthermore, there are standards and compliance conventions, such as the Payment Card Industry Data Security Standard, that provide exacting rules for merchants and banks to follow.
So, there are sites that do not store your credit card info at all, those that keep it on file for a short time or in a limited capacity, and those that will keep it “forever”... the latter is especially true of online retailers like Amazon who ask you if you want them to remember your billing info.
An example of the “limited capacity” would be physical Target stores. If you purchase something with a credit card at a Target store on Main Street and then go back to return it later, they can process that return with only the receipt… and the money goes back on your card because that store has kept your info. However, the store across town on Maple Drive would need your original credit card in order to refund the money back on it.
—
While it’s theoretically possible that a merchant can fraudulently/accidentally charge your card in the future, it’s very unlikely. The penalties for intentionally doing so are severe. Getting accidental charges reversed is usually rather painless.
However, I suggest being very, very strict about not giving out your checking account and bank routing number (a.k.a. automatic withdrawal). Even a single accidental charge there – if it’s large enough – can wreak havoc with your life. In resolving it, the bank would likely refund any overdraft charges, but you’d have to go to everyone that got a bounced check to make it right with them one by one.