Well.... Yes. SSL makes the transactions secure, but that doesn't make it impossible to hack. So technically they're right. But saying everyone needs their own ip is not really accurate. In that the ability to hack multisite vs single site isn't different.
Now that said, SHOULD you run a store on multisite? Only if you're smart and careful. You share the code for themes and plugins, so you have to vet ALL OF THEM all the time, every time they update. You have a shared user base too, so allowing unrestricted registrations is not very smart.
But really that's the same, single or multi site, isn't it?
I run a store on my network. One site has 100% SSL, the rest only for login. It's secure, and it's no more at risk for hacking than a single site.