From Dark Reading:
Google's much-anticipated mobile payment application locally stores some sensitive user information unencrypted, such as a cardholder's name, transaction dates, email address, and account balance, new research released today reveals.
What is most concerning is that Google apparently felt that layered protection on a non-rooted Android phone was sufficient:
A Google spokesperson points out that the viaForensics report is based on research conducted on a rooted Android smartphone. The report also applauds the layered security built into the OS and app, the spokesperson says. "The viaForensics study does not refute the effectiveness of the multiple layers of security built into the Android OS and Google Wallet," the spokesperson says. "But even in this case, the secure element still protects the payment instructions, including credit card and CVV numbers."
Of course, a percentage of Android users (the article mentions 10-15%) do jailbreak or "root" their Android phones, and that is not to mention the potential malware that can compromise an Android phone remotely and potentially gain access to the information.
The bottom line is that if you are using Google Wallet, you should be concerned about what credit card information is being stored on your phone and how exposed that data could be.