O'Reilly logo
  • tim siu thinks this is interesting:

can be seen if the user opens the HTML source of the web page, making this approach a security risk

From

Cover of Apache Tomcat 7

Note

request parameter cons