Ah, PayPal
Don't like them much, but can't fault them for leaving stray issues. As far as security is concerned, they actually are leading the pack.
The fact that the lawsuits would be humongous might be an incentive.
Two vulnerabilities in popular payments platform PayPal emerged this week. A cross-site scripting flaw affecting the web payment service was fixed last month, but another flaw is yet to be resolved. The unresolved vulnerability creates a means to bypass the security approval procedure and two-factor authentication applied by …
Yep; and a bit annoying if you have one PayPal account, with several completely different identities - I collect donations from a few different sites of mine in the one account, and there's a different email address for each, but no way to ensure that a different name is given for people based on which one they used.
I'd like, for example, if people who donate for the Toppy site get a message thanking them for that, not referring to the fact they paid Nigel Whitfield.