Just to get back to your question. Yes, there's nothing wrong with doing it that way. The hidden form fields would only contain contents that the user actually submitted themselves therefore there's nothing wrong with doing it that way. I would however not store passwords in the hidden form fields though.