[eluser]boltsabre[/eluser]
It really depends on what parameters you're talking about.
It may be possible just to hard code them into your controller??? If so they are safe and cannot be tampered with by the user.
Hidden form fields should NOT be used with the view of "preventing user tampering". It doesn't matter if it's in the URL as a parameter or a hidden input, you'll still need to validate it in your controller or model! There are numerous plugins and browser extensions that allow users to tamper with post data (ie, the values of hidden inputs).
Remember, EVERY piece of user input has to be validated, there is no easy way around this. If it's an db ID/primary_key in your url, you'll have to validate that its an int, etc.