Sorry, I have already posted this on Stack Overflow but unfortunately got no response.
I have a project with a client: ASP.NET, .NET 4.0, Telerik Controls 2013.
Recently my client sent the system for a security scan. Some 'red' alerts require me to fix them.
They asked me to validate the hidden fields:
__EVENTARGUMENT, __EVENTTARGET, RadScriptManager1_TSM, RadStyleSheetManager1_TSSM etc.
Those fields are automatically generated and I do NOT use those hidden fields. My understanding is that the Telerik controls' hidden fields are for visualization purposes etc.
I already told them that they are NOT used in the system and I do not think they should be validated, but their security team said: "hidden fields can still have unintended data injected into them when a proxy is used to intercept the traffic" and asked me to implement server-side validation. (I have also sent them a document from Telerik stating that the Telerik controls should have no security issues.)
I then googled and studied the Stack Overflow questions
1. Are the ASP.net __EVENTTARGET and __EVENTARGUMENT susceptible to SQL injection?
and
2. asp:RequiredFieldValidator does not validate hidden fields
http://stackoverflow.com/questions/6607984/asprequiredfieldvalidator-does-not-validate-hidden-fields
To be honest, I have no idea how to implement the validation even though I read the Stack Overflow posts. My questions are:
1. Should those hidden fields be validated? Any best practices? Even though I do not use them.
2. How should I implement the server-side validation? Any example? (After reading the Stack Overflow posts ... I got lost... sorry.)
3. What should be validated? I do not use the hidden fields. Validate for what values?
4. It leads to a bigger question. If I have other 3rd-party controls, do I need to validate everything that is not under my control even when there is a security report from the 3rd-party vendor? Right now they even ask me to validate the ASP.NET hidden fields. I just wonder, does it make sense? If I use Google Maps, then do I need to validate Google Maps? IMHO, it is practically not possible. Are there any best practices?
Thanks and regards,
Alfred
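Added example (not from the original post, and not Telerik's or Microsoft's code): one way to do the explicit server-side check on `__EVENTTARGET` and `__EVENTARGUMENT` that the security team is asking for, in an ASP.NET Web Forms code-behind. Assumptions: a page class named `Default`, a hypothetical 256-character length cap, and the character allow-lists in the two regular expressions. The argument pattern in particular is a guess that covers the built-in controls' `Page$2` / `Sort$Name` style values and must be widened for any control (Telerik's included) that posts back other characters, so run your own pages through it before trusting it. ASP.NET's own event validation (`EnableEventValidation`, on by default) already rejects target/argument pairs that the page did not register when it rendered; this code adds a format check and an "is this a real control on this page" check in front of it and fails closed with HTTP 400. It does not cover `RadScriptManager1_TSM` / `RadStyleSheetManager1_TSSM`, whose contents are defined by Telerik.

```csharp
// Added example, not from the original post: explicit server-side checks on the
// __EVENTTARGET / __EVENTARGUMENT hidden fields in an ASP.NET Web Forms page.
using System;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.UI;

public partial class Default : Page
{
    // Assumption: a 256-character cap is more than any legitimate postback needs.
    // Control UniqueIDs are built from letters, digits, '_' and the '$' separator.
    private static readonly Regex TargetPattern =
        new Regex(@"^[A-Za-z0-9_$\-]{0,256}\z", RegexOptions.Compiled);

    // Assumption: __EVENTARGUMENT values seen from the built-in controls look like
    // "Page$2", "Sort$Name", "-1" or "6000". Widen this allow-list if a control on
    // your page (e.g. a Telerik control) posts back other characters.
    private static readonly Regex ArgumentPattern =
        new Regex(@"^[A-Za-z0-9_$\-:,\. ]{0,256}\z", RegexOptions.Compiled);

    // Pure format check, kept separate so it can be unit-tested without a Page.
    public static bool IsWellFormedPostback(string target, string argument)
    {
        return TargetPattern.IsMatch(target ?? string.Empty)
            && ArgumentPattern.IsMatch(argument ?? string.Empty);
    }

    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);

        // Only postbacks carry these fields; a plain GET has nothing to check.
        if (!IsPostBack)
        {
            return;
        }

        string target = Request.Form["__EVENTTARGET"] ?? string.Empty;
        string argument = Request.Form["__EVENTARGUMENT"] ?? string.Empty;

        if (!IsWellFormedPostback(target, argument))
        {
            // Fail closed: an intercepting proxy that tampers with the fields gets a 400,
            // not a page that silently carries on.
            throw new HttpException(400, "Malformed postback fields.");
        }

        // A non-empty target must resolve to a control that actually exists on this
        // page; FindControl understands the '$'-separated UniqueID path that the
        // framework itself uses to dispatch the postback event. Controls you add
        // dynamically later in the life cycle must already exist here, otherwise
        // move this check to OnLoad.
        if (target.Length > 0 && FindControl(target) == null)
        {
            throw new HttpException(400, "Unknown postback target.");
        }
    }
}
```

If the same check is wanted on every page, put the `OnInit` override in a common base page class and derive the real pages from it, rather than copying it into each code-behind. Keep `EnableEventValidation` switched on as well; the two checks complement each other, they do not replace each other.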