Actually, the security of the PaymetRequest is pretty much out of your control as soon as the PaymentRequest is created on the server. You have no idea what the hotel does with it. Also if it's stored in the hotel server I have to trust the hotel to keep it safe for me.

Well, yes. But if the hotel itself is hacked then the whole process is meaningless, no? The hacker could just make the hotel think the proof of payment is correct even though it was never made at all, for instance.

Maybe the hotel example is not perfect for this discussion. Let's instead assume that the server holds yearly subscriptions to some expensive video service. If that service stores PaymentRequests for all their subscribers, and accept them as proof of payment, that would be similar to storing username and (possibly hashed) passwords for all subscribers. If all the PaymentRequests for all users are stolen, then they have to shut down all accounts if they discover the theft. If they don't discover the theft the "accounts" are out in the wild, for sale, for blackmail, etc.

Wouldn't it be better if the service don't accept the reusable PaymentRequests as proof, and instead accept a proof generated on demand, at the very moment it is needed, and that it is only usable once? From a usability perspective there is no difference; The users simply need access the service and authorize the proof being sent to the server.
 
 
Another thing is that you assume BIP0070 is used for payments, which isn't necessarily is the case.

It's just a convenient place to put things. There are lots of useful features that need BIP 70. I hope eventually all wallets will support it.

I also hope BIP0070 will take off. It would greatly improve the user experience. But even then, all payments are not BIP0070. BIP0070 is primarily for merchants who have the skills, time and money to use certificates. I don't think a lottery at the local church would want to set up a secure BIP0070 server, but they still might want to use bitcoin for their lottery.

Regards,
Kalle