This is more difficult than it seems.
You won't have the Role constraint available on a Opportunity is Updated trigger. That constraint exists only on the initial Added to Opportunity.
I can think of one approach: check in Velocity for the OCR (it will be visible there), and if the role is not primary, throw an error (this aborts the send). It's pretty brute-force, but should work.
You could also consider only exposing (using SFDC permissions) Opportunities in Marketo for the person who is primary. That way you'd always know you were in the right context. May not work for your case though.
Ok so one more question. If the email I am sending is pulling info from the lead i.e. company name but 3 years later there is a new company name. I can't edit the lead so the email is still pulling the company name from the very first time they contacted us. How can I fix this. I am not sure why this is so hard to do. I just need to reference things from the contact or the account in an email.