Power electronics systems have become increasingly vulnerable to cyber-physical threats due to their growing penetration in Internet of Things (IoT) enabled applications, including connected electric vehicles (EVs). In response to this emerging need, a cyber-physical-security initiative was recently launched by the IEEE power electronics society (PELS). With increasing connectivity due to Vehicle-to-everything (V2X) and the number of electronic control units, connected electric vehicles are facing greater cyber-physical security challenges. However, existing research extensively focuses on the network security of internal combustion engine vehicles and fails to address the cyber-physical security of EVs specifically. In this paper, the challenges and future visions of cyber-physical security are discussed for connected electric vehicles from the perspective of firmware security, vehicle charging safety, and powertrain control security. The vulnerabilities of EVs are investigated under a variety of cyber-attacks, ranging from energy-efficiency-motivated attacks to safety-motivated attacks. Simulation results, including hardware-in-the-loop (HIL) results, are provided to further analyze the cyber-attack impacts on both converter (device) and vehicle (system) levels. More importantly, an architecture for the next-generation power electronics systems is proposed to address the cyber-physical security challenges of EVs. Finally, potential research opportunities are discussed in detail, including detection and migration for firmware security, model-based, and data-driven detection and mitigation. To the best of our knowledge, this is the first comprehensive study on cyber-physical security of powertrain systems in modern EVs.