The possibility nobody considered - your co-workers might be right. Extra parameters that you never look at and pay attention to are not a security risk. Catching them may be a good development hook, but it isn't a security problem.

As for filtering, we have only heard your side. I have seen my share of convoluted hand-rolled security filters that didn't work. Your's may. Or it may not. But whether or not it does, I learned a long time ago to never take either person's side in a fight without hearing both sides.