Often considered an unsupported customisation to Microsoft CRM 4.0, Microsoft have released a whitepaper detailing the supported methods to secure fields, not entities.
In brief, the document provides consideration to all angles of accessing data, and with forms in mind suggests that designers secure both the field with JavaScript (for accessibility purposes) and through Pre Stage Plug Ins to eradicate non authorised entries by simply removing them from the Propertybag.
You can download the white paper here:
http://download.microsoft.com/download/3/D/9/3D9D0AD7-A6E5-49DC-8963-C0B223250EEF/CRM4%20NB%20-%20SEC%20-%20Field-Level%20Security.pdf
(The googled link appears to be down..)
