IPN won't know if they manipulated the form. It will pass back the amount paid so you can verify it wasn't changed on your side. SDK buttons would not be able to be updated, but yes they can't be manipulated easily to add things like userid.
IPN will get information for successful payment as well as cancelled, failed, or expired subscriptions so you can update your database on those events.