I think they should be applauded, for using the word "unlikely" instead of "incontheevable".
FTFY
From the PCI Security Standards Council "PCI Data Storage Do's and Don'ts":
Do not store any payment card data in payment card terminals or other unprotected endpoint devices, such as PCs, laptops or smart phones
And
At a minimum, PCI DSS requires PAN to be rendered unreadable anywhere it is stored – including portable digital media, backup media, and in logs.
Based on that information, I would say that PCs and, certainly in this case, game platforms (since the Xbox is really just a PC) would fall under the "endpoint device" category. Especially since the end-user has no control over whether or not that information is stored on their device because only Microsoft can alter the code that allows or disallows the storage.
Fortunately "reasonable" doesn't have to come into play here. PCI auditing standards exist so the human fallacies (potentially) of reason and common sense are mitigated by explicitly defined controls that anyone who deals with credit cards at all must adhere to. Someone like Microsoft, thankfully, would probably be even more scrutinized by auditors, not only because they are Microsoft, but because Microsoft would want to make sure they are compliant.
That being said, PCI, in part, states that credit card info must never be stored, cached, saved...etc., in any device that is directly accessible to the customer or attached to the vendor's network unless sufficiently encrypted with even more controls guarding the public and private encryption keys. Basically, no XBOX should ever store credit card information, only account information at the very least. Even then, the credit card info that CAN be saved on Microsoft's servers can contain the CC number, cardholder name, service code and expiration date (cardholder data), but it CANNOT store the PIN, magnetic stripe data or CAV2 code (card authentication data).
I think the goal here is to make it so patients can see this information regardless of the physicians' practice management system. Granted, it's very cool that some EMR systems will produce these records, but wouldn't it be even better if they could all produce a standard format that could be read by other systems and not in some proprietary format (as they all currently are, except maybe a few open systems like OpenEMR)? This way other medical providers, not just patients, could have access to ANY patients' chart without having to get a signed release from the patient (assuming they are conscious) and then having to wait for their primary care physician to fax the barely-legible records over. Imagine the time saved in an emergent situation if all this information was just a few clicks away.
Of course, any time data is widely available like this you run the risk of having it leaked or stolen, but it's really the inevitable solution and the company that comes up with the standard format and develops a way in which all these practice management systems can share their electronic records while providing reasonable security for transmitting and storing these records, is the company that will change the way medical information is shared and will ultimately save lives, whilst no doubt becoming very, very rich.
All power corrupts, but we need electricity.