Query (GET) parameters are always urlencoded and passed as cleartext, independent of the type of the field. POST parameters are not passed in the query, they are encoded in the request body, as well as the COOKIEs.
You can even "combine" them, by using query parameters in a post request.
So you can not actually hide any field, only move it to the request body, thus it will be not so obvious, but can be easily found by anyone having some http knowledge.
You can encrypt the query string, but that is no real encryption of the traffic, needs a little more knowledge to crack, but can hinder many from seeing the values passed. See this one for example: http://madskristensen.net/post/HttpModule-for-query-string-encryption.aspx
] (but there are more approaches like this out there...)