While exploiting a now-patched JWT flaw (see bug 1145024) I was able to change the price of an app to $0.00 and acquire it for free. The real app was priced at $0.99 so I was surprised that I was able to fully acquire the app. If a product is not marked free in the database then we should refuse to complete a free purchase. This might help protect against unknown future JWT flaws. We should also protect against reduced price attacks, such as changing a $19.99 app to $0.10.
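The check proposed in this report, as an added example that is not Marketplace or webpay code: even after the JWT verifies, the server compares the claimed price with its own catalog and charges only the listed amount. The claim names `product_id` and `price`, the catalog contents and the HS256 key are assumptions made for illustration.

```python
import base64, hashlib, hmac, json
from decimal import Decimal, InvalidOperation

# Constructed stand-in for the marketplace database; IDs and prices are sample data.
CATALOG = {"app-099": Decimal("0.99"), "app-1999": Decimal("19.99"), "app-free": Decimal("0.00")}
KEY = b"constructed-demo-key"  # assumption: HS256 shared secret

class PurchaseRejected(Exception):
    """Raised when a purchase request must not be completed."""

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def sign(claims, key=KEY):
    """Build an HS256 JWT. Used here only to construct sample requests."""
    msg = _b64e(b'{"alg":"HS256","typ":"JWT"}') + "." + _b64e(json.dumps(claims).encode())
    return msg + "." + _b64e(hmac.new(key, msg.encode(), hashlib.sha256).digest())

def verified_claims(token, key=KEY):
    """Return the claims only if the header pins HS256 and the MAC matches."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64d(head)).get("alg") != "HS256":
            raise PurchaseRejected("unexpected alg")
        want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, _b64d(sig)):
            raise PurchaseRejected("bad signature")
        return json.loads(_b64d(body))
    except (ValueError, AttributeError) as exc:  # bad segments, base64 or JSON
        raise PurchaseRejected("malformed token") from exc

def authorize_purchase(token):
    """Return the amount to charge, taken from the catalog, never from the token."""
    claims = verified_claims(token)
    try:
        listed = CATALOG[claims["product_id"]]
        mismatch = Decimal(str(claims["price"])) != listed
    except (KeyError, TypeError, InvalidOperation) as exc:
        raise PurchaseRejected("unknown product or unusable price") from exc
    if mismatch:  # covers both $0.00 and reduced-price tampering
        raise PurchaseRejected(f"claimed price does not match listed {listed}")
    return listed
```

The sample requests are signed with the real key on purpose: that models a token whose signature check has been defeated, which is the case the catalog comparison is meant to catch.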
In the end all we really need is to be able to say: buy app X, or buy in-app product Y. And that's it, the marketplace can provide everything else without any opportunity for worrying about what the JWT says or doesn't say. I think the bigger goals of trying to do something with mozPay made our life more complicated without good reason. Perhaps getting rid of the JWT and mozPay wasn't the comment you were looking for though :)
Based on the recently announced future plans for the Marketplace to remove payments, closing these bugs.