Hidden does not
mean secure!
Anyone can look at the source of an
HTML document.
hidden fields are part of the document!
If a form uses GET, all the name/value
pairs are sent as part of the URI
URI shows up in the browser as the
location of the current page
90