Remember that everything you show or send to the user can be read by others. I wouldn't use your approach, but it depends on the purpose of the application and what a (malicious) user can do in your system (e.g. is it read only or can he make changes in bookings?).
In any case I would secure the website with an SSL certificate (which is probably enforced by law as well since you're dealing with personal data).