My question is, would this be any more secure, or is there a better way of doing this.

There are more ways of doing this than you'd might imagine. Some ways are quite inventive. Let me run a few by you:

• Persistant Storage: If you have the means of implementing some sort of persistant storage and creating unique ids for given sessions (see CGI::Session) then you can set up something like a database table where you store values and keys. A table might look like:

  create table session_vars (
  session_var_id integer not null 
                 default nexval ('session_var_id_seq') 
                 primary key, 
  session_id     varchar(180) not null,
  session_var    varchar(180) not null, -- or whatever size makes sense
  session_value  varchar(180) not null -- again... what makes sense
  );
  [download]

  You'd then store the values and retrieve them between pages as appropriate. You'd also need some logic in place in your code that detects that a session has expired and cleans that table out periodically of expired information.
• Encryption: I've seen more than one scheme used by application programmers where the hidden fields were actually encrypted between pages. Seems like a lot of trouble to go to from where I sit, but it is a valid approach. The encryption key would be stored on the server and something like Blowfish used for encryption/decryption.

There's two approaches, I'm sure other monks can come up with other ways.