The problem falls with PCI-DSS Compliance rules & regs.
While I know you do not need the CVC (Card Verification Code) for this type of payment, it is still always best not to store card information locally. Even with public/private key encryption, it still is a risk that should be considered.
I know the Blesta team is very cautious when it comes to security, but I still think they may not want to develop it.