The bad thing about leaving the tags there is that, any potential hacker can easily identify which version you are using. From another angle, if someone manages to find a security glitch in any WordPress version, he would be able to search for all blogs using that particular version.
Whenever you think of carrying out any ecommerce business, it is important to encrypt all your transactions with an SSL certificate, and also to obtain a private dedicated IP, and protect your identity in the WhoIs info database.
Changing the default username of WordPress blog is one of the most elementary security measures for preventing it from hacking. By default, the WordPress user name is admin. Normally, people don’t care to change it. By this, you are indirectly helping the hackers.