Well no one can change your application since that's hardcoded into the UCAS systems, even UCAS can't change your application. I really don't see how this is a major security threat, the worst that'll happen is someone can see your application, and seeing as we all flaunt our application details about on TSR, I doubt too many of us are concerned about people knowing it. Sure it'd be nice to know track is the Fort Knox of computer programming, but at the same time I don't think this is the end of the world.
we trust UCAS with our applications....sure it isnt a big deal if someone saw your choices, but you'd expect just a little bit higher level of security.....
BTW, how much do UK/EU students pay as an application fee (to UCAS)?
That sounds right. I paid SGD$50/- to my college (1pound = 3SGD), who paid UCAS on my behalf.
Yup, poohbear's right - you can't "hardcode" anything in web development, because nothing ever gets compiled - how could it get repeatedly recompiled with thousands of people accessing it at once? And even then, if you can get it in there, you can change it too. They have access to their own source code.
It seems odd that they used a POST method, instead of just md5'ing some cookies.