I fail to see how this solution prevents tampering with the coupons. Surely if the only access that users have is to the web server this is no safer...