If you can redirect someone to that page you could redirect them to any page... But they want to go to PayPal, you send them there, and you pass along some post data to hijack their session.