I have no idea what that means (I'm not a developer) but this was the code I used when I worked in Eloqua: Pre-populate Single Pick Lists with DLPrepop | Oracle Community The main issue was Eloqua doesn't pre-populate drop downs on their own forms sitting their own landing pages (you have to use a jquery loop to compare Eloqua's equivalent of tokens to the select options), so the purpose of that thread was to figure out how to add drop down pre-population into the WDL code. That being said, that thread lays out the working WDL nicely and 99% of it was provided by Eloqua; all you had to do was plug in your instance information.
Well, I was just quoting you about the security. I doubt the Eloqua solution actually does respect security in the manner required. You see, the principal reason that embedded forms cannot securely include lead data is that there's no restriction on where (as in which hostnames) they can be embedded. Adding origin-based security, where the data source to some degree has to "opt in" to serving the data to the page, is the only way to meet this need.
Someday soon I will blog about how you can make this work (there is, by the way, a solution that I've shown to a few people).
but it is possible without compromising the security of the data being passed.
I just tested the Eloqua "solution" and it is by no means secure. And I'm not even talking about the fact that the demo doesn't use SSL. There is zero security on which pages can use the data service. This is exactly why embedded forms do not simply fetch lead PII into the page without any other verification.