Drupal - Protect form to external action from tempering

[cadaibao]

\[code\]function simple_form($form_state) { $form['item'] = array('#type' => 'hidden', '#value' => 'some_value'); $form['#action'] = 'http://external-website.com/'; $form['submit'] = array( '#type' => 'submit', ); return $form;}\[/code\]Simple Drupal form, gets called with \[code\]drupal_get_form(simple_form)\[/code\].Unfortunately, it is really easy to change the value of 'item' to something else in the form, and then send that value to the external site.As far as I tried, there is no way to check the form before it leaves my site.\[code\]function simple_form_validate()\[/code\] and submit never get called.How can I prevent that? Set the action to an internal function and then submit it after validating? How would I go about that?Unfortunately, setting\[code\]$form['item'] = array('#type' => 'value', '#value' => 'some_value');\[/code\]doesn't work? The external site doesn't receive the value for 'item'.Any advice?