obviously make the clientside JS as passive as possible, so no chance of someone creating a low BTC value order that is seen as valid by the system.
Definitely, the JS Client Side will only display the price not process it; that can be done by the python/php module.
I think bitpay does something similar, well the button displays the $ price, you click it and enter bitpay page where $ price and equivalent BTC price are visible. Maybe they have an option to display dynamic BTC price on merchants site (not sure).
I think I'm going to build it so individual/lone web stores can also implement that feature, I'm also planning on using it on my own site.