It's not a big deal. Just do a check on the backend. You can swap price tags in stores too, and they most certainly will not honor it if they realize.
I've done a mid 5 figure number of transactions through PayPal for digital goods, and I don't use the encrypted links (mainly because Flash doesn't support them). There have been a remarkably small number of fraud attempts (<0.1%).
One guy bought a game for $0.01, then initiated a chargeback when it didn't arrive. I raised my eyebrows, issued a refund, and the matter was over.
Not being able to trust the client is intrinsic to JS shopping carts, but I don't think this is a critical flaw.
Although I don't see what prevents merging the JS cart with a web based cart on the checkout page. Send the contents, and the page with the big 'click to charge card' button is generated server side.
I've done a mid 5 figure number of transactions through PayPal for digital goods, and I don't use the encrypted links (mainly because Flash doesn't support them). There have been a remarkably small number of fraud attempts (<0.1%).
One guy bought a game for $0.01, then initiated a chargeback when it didn't arrive. I raised my eyebrows, issued a refund, and the matter was over.
Not being able to trust the client is intrinsic to JS shopping carts, but I don't think this is a critical flaw.
Although I don't see what prevents merging the JS cart with a web based cart on the checkout page. Send the contents, and the page with the big 'click to charge card' button is generated server side.