This whole thread is bordering on ridiculous... Do you even have a site? You have the skill to "remove the holes" in a PHP shopping cart (I'm dying to know which one, and what holes), in spite of the fact that you said you're just using a PayPal buy it now button in your original post, but you haven't even tested it with a real credit card (or PayPal account... which is it?). You can't find one friend to test your site for you, nor will you yourself out of security fears - but again, we're talking about PayPal so the transaction doesn't happen on your site and no credit card is ever typed in. And out of all of the reasons you could be suffering from missing sales, you're convinced that ninjas infiltrated your system to steal your one sale a day?
I call B.S... anyone who continues to post in this thread is wasting their time.