The holes still exist. One was publicly disclosed after a failed effort in July to responsibly disclose them under PayPal's bug bounty program.
PayPal is working to close the holes.
"No, no, I don't mind being called the smartest man in the world. I just wish it wasn't this one." -- Adrian Veidt/Ozymandias, WATCHMEN