1. Regards to Google Checkout info posted to ZC admin orders page...

I observe ALL the responses from Google Checkout display in the comments area in Zen Cart admin orders page.

Keep in mind all info posted to the comments area is available to the customer if they log into their Zen Cart (via MyAccount) which is possible if an customer with an preexisting Zen Cart account submits an order through Google Checkout or if a new customer wants access to their order through Zen Cart... which will likely be the case when downloads are supported by Google Checkout.

So it would be best if the Google Checkout mod posted most of the responses to an area on the orders page which is only accessible to the admin. (similar to as the PayPal IPN payment mod does... display the data in an HTML table above the order comments area).

The only Google Checkout responses that should be displayed in the comments area is info that the customer should specifically have access to and would also likely be submitted to the customer through an email notification. That would include state changes from pending to processing (or other orders status changes such as canceled or refunded). (again just like the PayPal IPN mod does).

If you don't have PayPal IPN mod installed or not sure which I refer to please let me know and I can show you an example of what data PayPal data shows in the comment boxes (and thus is accessible by the customer) and what data is posted to the admin orders page (which is NOT accessible by the customer).

2. On a related admin issue...

For an order submitted through Google Checkout I observe displayed in the first comment box on the ZC admin orders page "Buyer's Password: 34600848543"

If a customer already has a Zen Cart account, then checks out through Google Checkout with the same email address, it appears Google Checkout relates that order data to the preexisting Zen Cart account. If this is the case is the previous customer Zen Cart password overwritten with the new password created by Google Checkout, or does the pre-existing Zen Cart customer account password still hold true?

Also say if a customer whom never has set-up a Zen Cart account checks out with Google Checkout, and then later revisits the shop and decides to set-up a new account. How does that process work? Zen Cart would see an account was already set-up with that specific email address and thus not allow the customer to create a new Zen Cart account with that email address.

But the customer might not understand this and become confused. What is the mechanism in place to deal with such an issue. Maybe prompt customer to click on "password forgotten" link to obtain via email the account password created by Google Checkout.

And are there any security risks to consider here?

Hope this all makes sense.

Thanks,
Woody