Is django-paypal safe to use?


I'm using the django-paypal package to implement my site's payments.

settings.py

INSTALLED_APPS = [
    # other apps
    "paypal.standard.ipn",  # django-paypal's IPN app (provides the "paypal-ipn" view)
    "payment",              # the project's own payment app
    "....",
]
# ...
PAYPAL_RECEIVER_EMAIL = "[email protected]"  # the merchant account that should be paid
PAYPAL_TEST = True  # use the PayPal sandbox endpoint

views.py

from django.conf import settings
from django.shortcuts import render
from django.urls import reverse
from django.views.decorators.csrf import csrf_exempt
from paypal.standard.forms import PayPalPaymentsForm

# ...
def payment_process(request):
    host = request.get_host()
    # Values that end up as hidden inputs in the rendered PayPal form
    paypal_dict = {
        "business": settings.PAYPAL_RECEIVER_EMAIL,
        "amount": "99",
        "item_name": "python_book22",
        "invoice": "some invice name22",
        "currency_code": "USD",
        "notify_url": "http://{}{}".format(host, reverse("paypal-ipn")),
        "return_url": "http://{}{}".format(host, reverse("payment:done")),
        "cancel_return": "http://{}{}".format(host, reverse("payment:cancel")),
    }
    form = PayPalPaymentsForm(initial=paypal_dict)
    return render(request, "payment/payment_process.html", {"form": form})


# PayPal posts back to these URLs, so they are exempt from CSRF checks
@csrf_exempt
def Done(request):
    return render(request, "payment/done.html")


@csrf_exempt
def Cancel(request):
    return render(request, "payment/cancel.html")

I have no idea how safe this is, because on the client side it renders a form like this:

<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
    <input type="hidden" name="cmd" value="_xclick" id="id_cmd">
    <input type="hidden" name="charset" value="utf-8" id="id_charset">
    <input type="hidden" name="currency_code" value="USD" id="id_currency_code">
    <input type="hidden" name="no_shipping" value="1" id="id_no_shipping">
    <input type="hidden" name="business" value="[email protected]" id="id_business">
    <input type="hidden" name="amount" value="99" id="id_amount">
    <input type="hidden" name="item_name" value="python_book22" id="id_item_name">
    <input type="hidden" name="invoice" value="some invice name22" id="id_invoice">
    <input type="hidden" name="notify_url" value="http://127.0.0.1:8000/paypal/" id="id_notify_url">
    <input type="hidden" name="cancel_return" value="http://127.0.0.1:8000/payment/cancel/" id="id_cancel_return">
    <input type="hidden" name="return" value="http://127.0.0.1:8000/payment/done/" id="id_return">
    <input type="image" src="https://www.paypal.com/en_US/i/btn/btn_buynowCC_LG.gif" name="submit" alt="Buy it Now">
</form>

Anyone can easily change this `<input type="hidden" name="business" value="[email protected]" id="id_business">` and write another email, while the system can't/doesn't detect it, and after the payment is made to the other account it still returns the success URL (even though the payment went to the other account).

Any idea? Sorry if I messed things up or have a misunderstanding.
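Added example, not code from the question or from django-paypal itself: the server-side check that makes an edited `business` field harmless. django-paypal's IPN view verifies each message with PayPal and then fires `valid_ipn_received` with the stored `PayPalIPN` record as `sender`; here `IpnFields` is a constructed stand-in for that model, and the merchant email, invoice, amount and currency are assumed sample values.

```python
from dataclasses import dataclass
from decimal import Decimal

# Constructed stand-in for the PayPalIPN model fields the check needs.
@dataclass
class IpnFields:
    receiver_email: str
    mc_gross: Decimal
    mc_currency: str
    invoice: str
    payment_status: str
    flag: bool = False  # django-paypal sets this when PayPal did not verify the message

def sample_ipn(receiver_email, amount, currency="USD",
               invoice="some invice name22", status="Completed", flag=False):
    """Build a constructed IPN record for exercising the check below."""
    return IpnFields(receiver_email, Decimal(amount), currency, invoice, status, flag)

# Server-side record of each issued invoice (constructed; never taken from the request).
EXPECTED_ORDERS = {
    "some invice name22": {"business": "merchant@example.com",
                           "amount": Decimal("99"), "currency": "USD"},
}

def ipn_is_trustworthy(ipn, expected_orders=EXPECTED_ORDERS):
    """Return (ok, reason); every buyer-editable hidden field is re-checked server-side."""
    if ipn.flag:
        return False, "not verified by PayPal"
    if ipn.payment_status != "Completed":
        return False, "payment not completed"
    order = expected_orders.get(ipn.invoice)
    if order is None:
        return False, "unknown invoice"
    if ipn.receiver_email != order["business"]:
        return False, "paid to a different account"  # the edited-'business' case
    if ipn.mc_currency != order["currency"] or ipn.mc_gross != order["amount"]:
        return False, "amount or currency mismatch"
    return True, "ok"

def connect_ipn_handler(expected_orders=EXPECTED_ORDERS):
    """Attach the check to django-paypal's valid_ipn_received signal (lazy import)."""
    from paypal.standard.ipn.signals import valid_ipn_received

    def on_ipn(sender, **kwargs):
        ok, reason = ipn_is_trustworthy(sender, expected_orders)
        # only an ok result may mark the order paid; log `reason` otherwise
        return ok
    valid_ipn_received.connect(on_ipn, weak=False)
    return on_ipn
```

The return_url page only tells the buyer what happened; mark an order as paid only from the IPN handler after these checks pass.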
