There are a number of ways to implement VPN. I've found a router flashed with DD-WRT firmware works well - it includes both VPN host and client components, so you can have one at each end, and have them automatically connect on startup to create a tunnel between the two networks. That said, VPN may not always be ideal for remote viewing, because it DOES add a fair bit of overhead.
DDNS is certainly no less secure than a static IP - if anything, you're safer, BECAUSE the IP is (potentially) changing periodically, rather than always being the same. That being said, not all dynamic-IP systems change randomly: with my cable ISP, for example, I'm technically on a dynamic system, but my IP hasn't changed in years... well, since the last time I swapped my router, anyway, since in a standard DHCP setup, IPs are tied to the requestor's MAC address. I can force a change of my IP by simply changing my router's WAN MAC address, but for the most part, it stays stable.
A static IP is not necessarily that much more expensive, either, depending on the type of service. For our residential service here, I can get it for an extra $10/mo. I believe business customers of both our DSL and cable providers can get it for an extra $30/mo. Of course, if you're on a high-traffic corporate service of some sort, that'll probably cost a lot more, but at that point you're probably paying a bundle for the service in the first place.
As for your customer's system going down: do you KNOW it was a hack or DDOS attack? Or could it have simply been some internal problem?