Security is important to PayPal, which is why PayPal has an internal security system that will block payments from time to time due to many different risk factors. Due to security purposes we are unable to disclose the risk factors. As a result from time to time there will be blocked payments, including Payout's payments. This is also a protection that is added to help prevent outside users from siphoning off all of your PayPal funds.
Since you are sending the API calls from your server, there is no reason that you cannot build in your own 2FA authentication in your own server. Also storing your credentials in a secure database that is not accessible to outside parties would be another good option to ensure your credentials are secure.
Here are some basic Security Guidelines
Since your concern is with an outside party gaining access to your Client ID and Client Secret, the best course of action is to ensure that you are storing your credentials in a secure server. You can setup your server to have a two factor authentication, this would need to be performed on your server end.
We also recommend utilizing an SSL certificate to encrypt sensitive customer data passed from your server to PayPal's secure servers.
Thank you,
Jennifer
... View more