That is not what @brogrammernot wrote. What @brogrammernot wrote was:
> As far as not using the JS, I was under the impression as long as you’re not storing the account or card numbers & utilizing the tokens properly you’re still at the base level of PCI compliance - meaning you’re securing your website, endpoints, data store etc in the same manner you should be already.
Note the the conclusion of "... in the same manner you should be already."