[TYPO3-mvc] Secure parameter transfer

Wowbagger hille at hilk.net
Fri Feb 3 23:17:25 CET 2017


Hi!

I have a security question about my extbase extension.

Let's say I have a form with which users can register. This is the showAction:

    public function showAction($formData = NULL) {
        $this->view->assign('role', 'user');
        $this->view->assign('formData', $formData);
    }

In fluid the form looks like this:

    <f:form action="create" object="{formData}" name="formData" arguments="{role:role}">

The user completes the form and submits it to the createAction:

    /**
     * @param array $formData
     * @param string $role
     */
    public function createAction($formData, $role) {
    ..

Is this secure? Or is it possible that the user changes the role parameter, so that he gets "admin" instead of "user"?

If yes, how can I do a secure implementation of this?
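
Added example, not part of the original post and not TYPO3 or Extbase code: a plain-PHP model of the flow asked about, treating `role` as an ordinary request parameter that the client can alter. The function names, the `roleMac` field, the session id and the key are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for a server-side secret; never sent to the client.
const SECRET = 'constructed-demo-key-not-for-production';

// As in the post: the role comes back from the client and is used as sent.
function createTrustingRequest(array $request): string
{
    return (string)$request['role'];
}

// Option 1: never round-trip the role; the action decides it on the server.
function createServerSide(array $request): string
{
    return 'user'; // any 'role' key in $request is ignored
}

// Option 2: if the value must travel through the form, bind it with an HMAC
// over session id + role so it cannot be changed or reused in another session.
function signRole(string $role, string $sessionId): string
{
    return hash_hmac('sha256', $sessionId . "\0" . $role, SECRET);
}

function createVerified(array $request, string $sessionId): string
{
    $role = (string)($request['role'] ?? '');
    $mac  = (string)($request['roleMac'] ?? '');
    if (!hash_equals(signRole($role, $sessionId), $mac)) {
        throw new RuntimeException('role parameter failed integrity check');
    }
    return $role;
}

// Constructed requests: what the form rendered, and a copy edited by the client.
$session  = 'sess-1234';
$rendered = ['role' => 'user', 'roleMac' => signRole('user', $session)];
$tampered = ['role' => 'admin'] + $rendered; // role changed, MAC left as issued

echo createTrustingRequest($tampered), "\n";
echo createServerSide($tampered), "\n";
echo createVerified($rendered, $session), "\n";
try {
    createVerified($tampered, $session);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```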





