I think you've mistitled this a bit. It's not the danger of hidden fields. It's the danger of trusting hidden fields.

I've written about this subject quite a bit in my web-related columns. The most important thing to note is that client-side data isn't really all that useful in a real life situation, except to identify a particular browser. Any critical data should be encrypted or kept on server side.

-- Randal L. Schwartz, Perl hacker