Hidden fields can technically be updated by hackers. The better technique would be to use a Session variable to set the email address and use that so it truly couldn't be updated by the user. Just open your insert server behavior and set the value to the save session variable value instead of using a hidden field.
The autonumber shouldn't get a hidden field either. There is no reason for it since it is set to autonumber. Just leave it off entirely and it should be set correctly.
It is odd that the hidden field didn't get created, but in this case I don't think you really want one anyway.