Or don't bother, since a lot of sites that actually buy into this sort of thing don't bother doing any server side validation. Want to be somewhat alarmed? Look up those old 'Javascript HTML encryption' scripts, and Google the sites that use them. Some of them didn't even bother to do anything more than a Javascript prompt for 'security'.