Currently you have three choices:
- Unset the request variables from
$_GET
or $_POST
- Manually set columns to known values after calling populate()
- Don't use populate(), but manually set values
None of these are ideal, which is why I have opened ticket #537. This will involve creating functionality to make secure population easy.