As an update to my OP, what came out of it in the first case (claim unauthorized due to compromised PayPal account):
I offered the suggestions up to the PayPal rep that were given by some fine folks and this is pretty much the exchange:
Paypal:
"The response I've received is that you were not eligible for seller protection because the service you provided is intangible and not a physical item.
The buyers account had been accessed by a third party and it is this third party who made a purchase from you.
Since you are selling an intangible item or service you are not protected in these types of cases.
When you are selling services or intangible items we urge you to take precaution and make sure you are dealing with the account holder.
For example make sure any intangible item or service is provided to the email address the buyer is sending the payment from."
Me:
I have discussed this with others and some suggested that the precaution you urge on in these cases could be better satisfied if I send an invoice from PayPal instead, and mark it as a "Digital Service"/"No shipping required" -- after all, this would send the invoice to the e-mail address in question and ensure that I am indeed dealing with the account holder.
Would that be considered an adequate precaution? Would that prevent these kinds of claims from compromised accounts or should I also instate a forced waiting period before service is provided so any compromisation of accounts can reasonably be caught before work is done?
I don't think as a seller of digital services that there would be much else I could do that wouldn't severely impact the threshold of doing business.
PayPal:
It's good that you are considering how to make the experience of selling your digital goods through PayPal a better and safer option for you and your customers and prevent any losses. I think both your considerations are good options and would only improve the selling experience and ensure that it is as safe and secure as possible for both parts.
====
Basically, this means that PayPal is saying "make screenshots", although that doesn't at all add up to any sort of proof -- I added screenshots in my cases and it didn't help.
Otherwise they are saying invoicing and a waiting period are good ideas in the case of compromised accounts but they aren't saying anything definitive there at all. it's all very ambiguous what is stated, and they obviously have no interest to provide any sort of solid guidance for people selling digital services.
Also, none of this helped in the case of the "not received" claim which is actually a bigger risk than a compromised account (which can only be done once before the account is closed or fixed) and PayPal, even with invoicing, will not provide any sort of protection against these claims unless you have clear, unequivocal proof that the intangible goods were delivered (confirmation by the buyer) -- so be very careful and save all communication with buyers; it'll also help if what you deliver is unique for the buyer (e.g. commissioned work with unique results that can be proven like digital art is less at risk) which wasn't the case for me here.
I won't be using PayPal in the future for services that aren't unique services to the buyer or to buyers that don't properly communicate about the service and delivery or won't deliver proof of receipt one way or another.