Re: Even using third parties, there are issues
Oh yeah. Big time.
Somewhere on Jewson's site is a link to the payment handler. Doesn't matter if it takes you to the payment handler's page decked out in Jewson finery, if it's an iFrame or some Web 2.0 thingummyjig. Somewhere there's a link. So if you hack into the Jewson site you can change that link and mount a MITM attack.
Which means you can't offload your security problems onto the third-party payment handler. You must ensure that your own site is secure. And periodically monitor that the link hasn't been tampered with (details left as an exercise for the reader, because a clever attacker will take steps to fool such monitoring, like detecting the IP address requests come from).