Just taking a US credit card number without the name, CVD code, or zip code, is indeed a dangerous way for the person taking a payment to take one, opening them up to more possibility of fraud and chargeback.
In this case, it was Upwork and not the freelancer who decided whether or not to charge a credit card with only the number, if that's what they did.
I agree it's dangerous. But this guy clearly liked and trusted the client, a client that I'd guess is a fast-talking serial fraudster. So in the hypothetical case of the freelancer working directly, I think it's likely he would not be any better off.
Yes, but in this case it was out of his control entirely, he didn't have the option of verifying the name on the credit card. It was Upwork who (apparently? we don't even know) chose not to do that, not the freelancer. If he was taking the card directly he would have the option of doing it more responsibly; if a hypothetical freelancer read a story like this, they might be more likely to do it next time. Upwork, apparently not?
But if your point is that people taken credit cards get scammed all the time even when taking them directly, I agree, that's a thing that happens.
I don't think there's any reason to assume Upwork didn't properly verify the credit card.
And my point is not just that people get scammed via credit card, but that we don't have much reason to think that this particular person would be better off under your hypothetical case. Sure, he could have done it. He could have also read and taken seriously the requirement to use Upwork's time tracking if he wanted more anti-fraud protection. He could have detected that the client was dodgy and declined to work for him at all. There are all sort of possibilities, and we can't just pick one to draw lessons from.
In this case, it was Upwork and not the freelancer who decided whether or not to charge a credit card with only the number, if that's what they did.