I know that if this does turn out to be a legit security issue, Paypal's engineers will soon deploy a fix, after which I will just re-associate it.
The procedure is:
1) log into your paypal account
2) click "profile"
3) Click on "My Money"; or if you don't see that, look for the subheading "Financial Information" and click "Bank accounts"
4) You should see a link for the bank account; select it
5) click "Remove"
6) *confirm* on the next screen (be sure to click that "confirm remove" button)
7) See the confirmation message
Once was when 5 chargebacks came in on one day early in a month from a set of 5 credit card payments made by a single scammer; that put my account over some chargeback percentage level allowed by my merchant account provider and they terminated me on the spot after years of service. I had to ask dozens of customers with monthly subscriptions to sign up again with another payment provider, not all of them did.
The second time Google decided it would no longer allow AdWords ads for an entire category of (perfectly legal, non-scammy) services and suspended all ads in that category, including mine. Overnight my largest source of customers is gone and is never coming back. There's still Bing/Yahoo! but nobody quite matches the reach of Google for online advertising.
At this point I plan backups for the loss of every possible business relationship just to keep myself sane... while praying I never have to switch to the backups because there's obviously a reason they're the backup and not the primary.
I was always more afraid of paypal itself being able to get at the mandatory associated bank account so we created a special account just to link to paypal. Its kept mostly empty most of the time.
It was hell-and-a-half to get the bank to turn off the "overdraft protection" on the account.