There are definitely security issues with querystring variables. They can be easily manipulated.
Form data, unless submitted over HTTPS, is also insecure, but not as easily forged as querystring variables.
You could use the SESSION scope which is maintained at the server level. And those time...