re: #1, EC for Digital Goods is a solid choice for digital goods sales. If you don't need the digital-goods-specific features, you can also use PayPal's regular/plain EC or the newer RESTful products.
re: #2, EC doesn't do the payment until you make an API call (well, unless you explicitly ask it to with an added parameter). So you can use either the response from the DoEC API call or set up IPN. If you do choose to actually have the payment take place on PayPal's site you have some small chance of the user paying and not redirecting back successfully (e.g. they close the browser window, or the network hiccups). This should be very rare & you can probably handle it manually or with some other mechanism, but this is one reason people like IPNs: PayPal will try repeatedly to push you the info, so it requires more than a transient failure to not get the word (eventually).
re: #3, it sounds like you know to validate the IPNs. And if you use GetExpressCheckout API calls you are hitting PP, so again you can be certain of the source of the reply. This is one advantage the API integration model has over the redirection-based mechanisms in Website Payments Standard (although if you were using WPS you could use a feature called PDT to ask it to send you the same signature block as is used in IPN, so you could post back to PP to validate the redirection contents).
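As an added illustration of the IPN points in #2 and #3 (not code from the answer above), this sketch validates an IPN by posting it back to PayPal and treats PayPal's repeated delivery attempts as duplicates. The function names, the `expected` order record and the sample body are assumptions made up for the example; the field names are standard IPN variables.

```python
from urllib.parse import parse_qs
from urllib.request import Request, urlopen

# PayPal's live IPN postback endpoint (the sandbox has its own host).
IPN_VERIFY_URL = "https://ipnpb.paypal.com/cgi-bin/webscr"

def paypal_postback(raw_body: bytes) -> str:
    """Send the IPN back byte-for-byte, prefixed with cmd=_notify-validate."""
    req = Request(IPN_VERIFY_URL, data=b"cmd=_notify-validate&" + raw_body,
                  headers={"User-Agent": "ipn-verifier-example"})
    with urlopen(req, timeout=30) as resp:
        return resp.read().decode("ascii", "replace").strip()

def handle_ipn(raw_body, expected, seen_txn_ids, postback=paypal_postback):
    """Return 'fulfil', 'duplicate' or 'reject:<reason>' for one IPN POST body.

    expected: hypothetical order record holding the receiver_email, mc_gross
    and mc_currency you charged. seen_txn_ids: ids already processed
    (a set here; a database table with a unique key in practice).
    """
    # 1. Source check: only PayPal answers VERIFIED for this exact body.
    if postback(raw_body) != "VERIFIED":
        return "reject:unverified"
    parsed = parse_qs(raw_body.decode("utf-8", "replace"))
    fields = {k: v[0] for k, v in parsed.items()}
    # 2. Content checks: a genuine IPN can still be for another receiver,
    #    another amount, or a payment that has not completed.
    if fields.get("payment_status") != "Completed":
        return "reject:status"
    for key in ("receiver_email", "mc_gross", "mc_currency"):
        if fields.get(key) != expected[key]:
            return "reject:" + key
    # 3. PayPal retries delivery, so the same txn_id can arrive repeatedly.
    txn = fields.get("txn_id")
    if not txn:
        return "reject:txn_id"
    if txn in seen_txn_ids:
        return "duplicate"
    seen_txn_ids.add(txn)
    return "fulfil"

# Constructed sample data (not a real transaction).
SAMPLE_IPN = (b"payment_status=Completed&receiver_email=seller%40example.com"
              b"&mc_gross=9.99&mc_currency=USD&txn_id=CONSTRUCTED123")
SAMPLE_EXPECTED = {"receiver_email": "seller@example.com",
                   "mc_gross": "9.99", "mc_currency": "USD"}
```

The `postback` parameter exists so the handler can be exercised offline with a stub; in production the default performs the real round trip to PayPal.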