It depends on what kind of information you want to handle and store, and what the laws are for your server location (California) and your location. If you're thinking about storing legally regulated information (credit cards, medical data, among others) there are all sorts of hoops you'll have to jump through. These concern not only access from the Web, but also access from the server by other users and system administrators, as well as physical security and communications security. When millions of persons' medical data can be stolen by someone breaking into an office and lifting a PC, or stealing a laptop sitting on the back seat of a car, this is taken seriously. My understanding is that it is possible to do this on shared hosting, but there are a lot of minute details to attend to, and you'll have to pay for your host (LP) to be security audited.

If your "membership" data is nothing terribly sensitive, or at least nothing that you can get taken to court for losing, a shared host should be enough. If in doubt, use SSL (https) for pages with password entry and any personal data (mailing addresses, phone numbers, etc.).