Have a look at the postdata in the form in the page source. If there's some enormously long key/hash just being posted as form data, chances are it will use that price.
So I can just spoof the form and set my own price? I would hope they are more secure than that...
Try spoofing a PGP message, let me know how that works out for you.