Since electrum is a deterministic wallet it is possible to derive all the addresses in the wallet with the extended public key which is also known as the master public key (MPK). You cannot derive private keys with just the MPK and without the private keys you cannot spend your bitcoins. So it is safe to install the MPK on your web server and let it generate addresses for users to send money to without
any risk of theft. This is how
bitcoin payments for woocommerce does it. It is also how
mycelium gear works. It is how you should do things too.
You haven't mentioned which shopping cart software you are using? Perhaps there is a bitcoin plugin for that. Otherwise I can point you to opensource deterministic address derivation libraries in the programming language that cart is written in so you can make your own.