For example, imagine I have the following form:
<%= form_for(@comment) do |f| %>
<%= f.hidden_field :user_id %>
<%= f.hidden_field
Data sent from the client to the server (including HTML forms and browser cookies) cannot be trusted without server-side checks. The data could be maliciously modified or sent multiple times.
I have read stories about e-commerce sites that submitted the product price from an HTML form. A cheap user could edit the HTML form data they submit to the server to change the product price.
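Applied to the hidden `user_id` field in the form above, as an added example that is not from the original post: plain Ruby standing in for a Rails controller action, showing a handler that trusts the submitted field next to one that takes the identity from the session, allow-lists the remaining fields, and rejects a repeated submission. `CommentsHandler`, `article_id`, the one-time form token and the sample request are all assumptions made for illustration.

```ruby
require "set"
require "securerandom"

# Hypothetical names throughout; the session and request below are constructed.
Comment = Struct.new(:user_id, :article_id, :body)

class CommentsHandler
  PERMITTED = %w[article_id body].freeze  # user_id is deliberately absent

  def initialize(session, readable_article_ids)
    @session = session                    # server-side state, set at login
    @readable = readable_article_ids      # articles this user may comment on
    @session[:form_tokens] ||= Set.new
  end

  # Issued when the form is rendered; redeemed exactly once on submit.
  def issue_form_token
    SecureRandom.hex(16).tap { |t| @session[:form_tokens] << t }
  end

  # Before: believes every submitted field, including the hidden user_id.
  def create_trusting(params)
    c = params.fetch("comment")
    Comment.new(c["user_id"].to_i, c["article_id"].to_i, c["body"])
  end

  # After: identity from the session, fields allow-listed, values re-checked.
  def create(params)
    user_id = @session[:user_id] or raise SecurityError, "not logged in"
    unless @session[:form_tokens].delete?(params["form_token"])
      raise SecurityError, "missing or already used form token"
    end
    c = params.fetch("comment", {}).slice(*PERMITTED)
    article_id = Integer(c["article_id"].to_s, 10)  # ArgumentError if not numeric
    raise SecurityError, "article not accessible" unless @readable.include?(article_id)
    body = c["body"].to_s.strip
    raise ArgumentError, "empty body" if body.empty?
    Comment.new(user_id, article_id, body)
  end
end

# Constructed request: user 7 is logged in but has edited the hidden field to 1.
def demo
  handler = CommentsHandler.new({ user_id: 7 }, [42])
  forged = { "comment" => { "user_id" => "1", "article_id" => "42", "body" => "hi" },
             "form_token" => handler.issue_form_token }
  [handler.create_trusting(forged), handler.create(forged), handler]
end
```

In a real Rails application the same roles are played by the session-backed current user, strong parameters, and an authorization check on the referenced record.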