Because you write the coupon input is static you just might find a suitable solution using your PP profiles "saved buttons" options with a little imagination. All PP profile saved buttons are secure and payment values cannot be changed by remote bogus copies of those button forms.
But many have for years simply used Javascript to alter an amount from an entered coupon code check.
However do realize ANY PP pay button form that allows the amount total to be altered client-side is vulnerable and should be avoided in high risk environments (ie idiot / theft risks)... no goods should be shipped before hands-on scrutiny of each and every transaction is performed.
So other than the complex dynamic PP EWP process or changing to the ExpressCheckout methods (both requiring extensive alteration to your current setup), on page client-side Javascript functions are about the only options available but as said not uncommon.
Regards.
