midwest
Posts: 802
Join Date: Oct 2002
Location: Big Sky, MT
04-21-2005, 01:52 AM

I see that you have not received an answer, so I'll give it a shot.

1. My preference is to do the whole site https.

2. Can't say for sure if it is secure... but at the least you should rename it so it does not have "mail" in the name. If there is a hole you can be sure that it (form2mail) will become a hot search term.

3. If I was to store CC#'s I would encrypt them with DES. Don't forget to validate with the Luhn formula (mod 10) first. You should also consider encrypting ~all~ customer data.

4. With an email client, driving to the server every day would get bothersome.
I would encrypt it with PGP or similar; this however may be beyond you and your client. No offense intended, but it is not the easiest thing to do if unfamiliar with it. The best alternative is to split the CC# in two parts and send each part in a different email. For added security with this method you may wish to send each part to a different email address. Do not use IMAP; do not leave the mail on the server.

You say you are not experienced; this is not the thing to gain experience on, the repercussions are enormous. Hire it out or buy a canned solution. Just MHO.

A note of caution: unless your client has a very good (personal) relation with their bank it might be better to obtain a separate merchant account for the online activity. That way if problems develop or they get slammed with too many chargebacks they do not lose their brick & mortar merchant account too.

HTH


Ronnie Gauthier
www.instaguide.com

======================
for official page-zone support please visit
www.page-zone.com/support.shtml
   
Reply With Quote