Is the use of hidden fields in forms insecure?

Backend | Open | 4 answers | 1380 views
半阙折子戏 2021-01-12 15:19

For example, imagine I have the following form:

  <%= form_for(@comment) do |f| %>
    <%= f.hidden_field :user_id%>
    <%= f.hidden_field
4 answers
  •  深忆病人
    2021-01-12 15:20

    If comments from unregistered users are allowed, then why bother about the user_id at all; and if comments are only allowed from registered users, then use sessions to track the user instead of passing user_id in a form element.

    And to answer your question of whether using hidden fields is insecure: without proper sanity checks, even the visible fields are insecure.
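The difference the answer above describes, as an added example that is not part of the question or the answer and uses no Rails code: a plain-Ruby model of a comments controller that first trusts the hidden `user_id` field and then takes the user from the session and allow-lists only `body`. The names `vulnerable_create`, `hardened_create`, `permit`, `Comment`, and the request and session hashes are assumptions for illustration, not Rails APIs.

```ruby
# Added example, not from the question or the answer. Names (Comment,
# vulnerable_create, hardened_create, permit, PERMITTED) are illustrative
# assumptions, not Rails APIs; the request and session hashes are constructed.

Comment = Struct.new(:user_id, :body)

# Strategy 1 (what the question's form does): trust the hidden field.
# A hidden input is just another request parameter. Anyone can edit it in
# the browser's dev tools or replay the POST with curl, so the server ends
# up attributing the comment to whatever user_id the client chose.
def vulnerable_create(params)
  Comment.new(Integer(params["user_id"]), params["body"])
end

# Strategy 2 (what the answer recommends): identity comes from the session,
# which the client cannot forge (server-side store or signed/encrypted
# cookie), and the mass-assignment allow-list never includes user_id.
PERMITTED = %w[body].freeze

# Mimics params.require(:comment).permit(:body): drop every key not allowed.
def permit(params)
  params.select { |k, _| PERMITTED.include?(k) }
end

def hardened_create(params, session)
  user_id = session[:user_id]
  raise ArgumentError, "login required" if user_id.nil? # no session, no comment
  attrs = permit(params)                                # user_id is filtered out here
  Comment.new(user_id, attrs["body"])                   # owner taken from the session only
end

# Constructed request: user 42 is logged in but has edited the hidden
# user_id field to 7 before submitting.
TAMPERED = { "user_id" => "7", "body" => "hello" }.freeze
SESSION  = { user_id: 42 }.freeze

if __FILE__ == $0
  puts vulnerable_create(TAMPERED).user_id         # 7  -> comment spoofed as user 7
  puts hardened_create(TAMPERED, SESSION).user_id  # 42 -> session wins, tampering ignored
end
```

The same check applies to any hidden field that carries authorization-relevant state (price, role, owner id): treat it as untrusted client input and derive the value server-side, or sign it so tampering is detectable.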
