Opencart used to have a CSRF vulnerability. This has lately been fixed apparently. Even so if there are still security issues does it even matter if Paypal is the only payment gateway method used (i.e does Paypal's own security override opencart's or any other e-commerce shopping cart for that matter?).
CSRF was fixed over a year ago in OpenCart (version 1.4.8 or 1.4.8b I think it was) - it's only on the admin side that this was ever done, so it has no effect on your payment gateway etc
You should use an SSL certificate for any site you intend to take people's personal information, regardless of how they make payments. That said, paypal (standard) will use all of paypals security, and as such you don't need to worry about that side of things, as any liability will lay with them should any payment details be lost/stolen during that process.
That said, I've never had an issue with any of my sites or client sites where any user information has been stolen as a result of bad paypal security, not have I actually heard anyone has to be honest, so you're in good hands if you use them