Hidden fields in a form can be useful, but they can also pose a huge security risk. Take the example of a web page that allows a user to edit a customer’s details:
<input type='hidden' name='customer_id' value='abc123'/>
<input type='text' name='first_name'/>
<input type='submit' value='Save'/>
Using a browser add-on such as Firebug, it’s very easy for a user to change the value of that customer_id field…
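The server-side view of this form, as an added example that is not code from the original post: a handler that trusts the hidden customer_id next to one that treats it as untrusted input. The user names, the permission table, the `customer_tag` second hidden field and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

SECRET_KEY = secrets.token_bytes(32)  # assumption: server-side secret, never sent to the browser

# Constructed sample data: customer records and which user may edit which record.
CUSTOMERS = {"abc123": {"first_name": "Ann"}, "def456": {"first_name": "Dave"}}
CAN_EDIT = {"alice": {"abc123"}, "bob": {"def456"}}


def field_tag(user, customer_id):
    """MAC binding the hidden value to the logged-in user who was served the form.

    Rendered as a second hidden field (hypothetical name: customer_tag).
    """
    msg = f"{user}\x00{customer_id}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def save_naive(form):
    """Trusts the hidden field: whoever submits the form picks the record."""
    CUSTOMERS[form["customer_id"]]["first_name"] = form["first_name"]
    return True


def save_checked(session_user, form):
    """Treats customer_id as untrusted input and re-checks it on the server."""
    cid = form.get("customer_id", "")
    tag = form.get("customer_tag", "")
    # 1. Integrity: the value must be the one this user was served.
    expected = field_tag(session_user, cid)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False
    # 2. Authorisation: the session user must be allowed to edit this record.
    #    This check is the real control; the MAC only detects tampering.
    if cid not in CAN_EDIT.get(session_user, set()):
        return False
    CUSTOMERS[cid]["first_name"] = form["first_name"]
    return True
```

The user identity comes from the server-side session, never from the form, so changing the hidden value in the browser only produces a rejected request.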