In this paper, the challenges and a future vision of the cyber-physical security of photovoltaic (PV) systems are discussed from a firmware, network, PV converter controls, and grid security perspective. The vulnerabilities of PV systems are investigated under a variety of cyber-attacks, ranging from data integrity attacks to software-based attacks. A success rate metric is designed to evaluate the impact and facilitate decision making. Model-based and data-driven methods for threat detection and mitigation are summarized. In addition, the blockchain technology that addresses cyber-attacks in software and cyber networks is described. Simulation and experimental results that show the impact of cyber-attacks at the converter (device) and grid (system) levels are presented. Finally, potential research opportunities are discussed for next-generation, cyber-secure power electronics systems. These opportunities include multi-scale controllability, self-/event-triggering control, artificial intelligence/machine learning, hot patching, and online security. As of today, this study will be one of the few comprehensive studies in this emerging and fast-growing area.