I've used eCart before, but this is the first time I have used it with paypal pro. It seems to be connecting fine to the sandbox. However I have some security concerns.
1. I notice that some pages contain all the API user, password, signature in them - and these are in the public part of the site (eg checkout.php). Is this safe? Surely if someone downloads that page or uses a tool like 'Site Import', they'll have the api access details?