Forms can always be modified. People can create their own 'forms' by writing scripts with LWP and send you whatever they like. This can be done with secure servers (if you're meaning HTTPS protocol here), as well as with normal HTTP servers

The important thing is to keep this in mind when you write your perlscripts, run all CGI scripts in Taintmode (-T), and carefully check whatever is sent to the script, validate everything, and never, NEVER trust your input!

--HolyGrail