New PayPal gateway UI is a disaster

Hey. I decided to get a paid plan on GitHub, and PayPal looked like a good payment option to me. Click the blue button here:

This looks and feels really good. Lightweight elements, updated color scheme and new logo. Except for one thing: how do I know this smooth and lovely popup asking for my email and password is authorized / belongs to PayPal.com?


There's no way to tell whether the iframe is located on paypal.com or WeWantYourPassword.com. The best you can do (if you're into webdev) is to fire up your developer console.
But as long as the attacker can detect when the user opens devtools, all your efforts are futile.

This seamless-looking UI is a major step back: we've been teaching users to trust the address bar and nothing else for 20 years! After a couple of successful payments with such fancy gateways, they will stop caring about basic security measures.

I created a ticket here about a spoofing attempt, because I really don't want to type my PayPal password while I'm on GitHub.com. How do I know GitHub wasn't hacked or something?

Some good news though: the Coinbase gateway had the exact same issue a year ago, but now they open the sign-in page in a new window. Kudos!
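
A gateway that moves sign-in into its own window can also tell browsers never to render that page inside another site's frame, using `Content-Security-Policy: frame-ancestors` or `X-Frame-Options`. This does not stop a look-alike frame, but it means the real password form only ever appears under the gateway's own address bar. The sketch below is an added example, not code from PayPal, GitHub or Coinbase; the function names and origins are made up, and it checks a single embedding origin with only the simple source forms shown.

```javascript
// Added example: would a browser render this response inside a frame on
// `embedder`? `self` is the origin serving the page. All origins are constructed.
function lowerKeys(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v);
  return out;
}

// One frame-ancestors source list per policy (policies are comma-separated).
function frameAncestorLists(csp) {
  const lists = [];
  for (const policy of csp.split(",")) {
    for (const directive of policy.split(";")) {
      const [name, ...sources] = directive.trim().split(/\s+/);
      if (name.toLowerCase() === "frame-ancestors") { lists.push(sources); break; }
    }
  }
  return lists;
}

function sourceMatches(source, embedder, self) {
  const s = source.toLowerCase();
  const u = new URL(embedder);
  if (s === "'none'") return false;
  if (s === "'self'") return u.origin === new URL(self).origin;
  if (s === "*") return true;
  const m = s.match(/^(https?):\/\/\*\.(.+)$/); // e.g. https://*.shop.example
  if (m) return u.protocol === m[1] + ":" && u.port === "" && u.hostname.endsWith("." + m[2]);
  return s === u.origin; // exact origin such as https://shop.example
}

function canBeFramedBy(headers, embedder, self) {
  const h = lowerKeys(headers);
  const lists = frameAncestorLists(h["content-security-policy"] || "");
  if (lists.length > 0) {
    // When frame-ancestors is present, browsers enforce it and ignore X-Frame-Options.
    return lists.every((srcs) => srcs.some((s) => sourceMatches(s, embedder, self)));
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return new URL(embedder).origin === new URL(self).origin;
  return true; // no header, or obsolete ALLOW-FROM: no protection
}
```

A sign-in page that returns `true` here for an arbitrary third-party origin can be embedded the way the post describes; `frame-ancestors 'none'` makes it `false` for every origin.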
