what is the security level of the code run and executed on PA? If there is sensitive information... is there any chance of a breach or data loss?

We take security and data integrity seriously, but there is always the chance of a breach or data loss. Anyone that tells you that there is no chance of a security breach or data loss on their system is lying or mistaken.

I would say it is more safe than running your own VPS. I was running my own VPS before, but I do not have time or the knowledge of how to optimize my server for safety. Having the staff at PA taking care of that makes it possible for me to just focus on the code, instead of keeping my server updated etc. So for anyone who is not a security expert, I would say using a service like PA or GAE is more safe than running your own server or VPS.

Many thanks... !!

so for sensitive information in a database are there any recommended practices? I've been reading and some people are arguing that encrypting db data is a waste of time.

It all depends on the threat you're protecting against. If someone managed to get access to your database but not your code, then using encryption in the database could potentially help (if it was done properly). But it is a huge hassle.

The most important thing IMO is to make sure that you use super-secure passwords for everything. 20-character randomly-generated ones are good.