None of these elements are better or worse than the others. They all can be manipulated and intercepted. Some users are afraid of cookies, so some Web applications use URLs or hidden form elements. However, none of these mechanisms is inherently more or less secure.
For more information on this topic, visit these other SearchSecurity.com resources:
Webcast archive: Keeping the bad guys out -- defensive strategies revisited, with Ed Skoudis