It is generally considered bad practice to accept input that is derived from JavaScript because of the principle that you should not trust anything from the client.
But wouldn’t this also mean that you can’t trust drop box selections, etc. without verifying it on there server? You can easily add your own selection options in Firebug.
So, if I violate this best practice (since I’m not accepting credit card payments or anything as security critical as that), are there any techniques for minimizing risk of problems? For example are there ways to make it more difficult for the end user to modify the JavaScript created values? And while we’re at it, is there any way to increase the difficulty of modifying drop boxes, etc.?
You wont be-able to stop the client form tampering with your form data.
You could add a hash taken from all the known values you provide and store store them in a hidden field. or an encrypt the values kind of like a paypal button dose.
Still both of these methods will require server side validation.