Display read-only Phone Number field in browser, while disallowing editing via form, even if user modifies the DOM to remove the readonly attribute

ReadOnlyFieldSubscriber.php

<?php

namespace Acme\UserBundle\Listener;

use Symfony\Component\Form\FormEvent;
use Symfony\Component\Form\FormEvents;
use Symfony\Component\Form\FormFactoryInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;

/**
 * Configures fields that are read-only to the user completing the form
 * and unchangeable.
 *
 * @author johnkary
 */
class ReadOnlyFieldSubscriber implements EventSubscriberInterface
{
    private $factory;

    public function __construct(FormFactoryInterface $factory)
    {
        $this->factory = $factory;
    }

    public static function getSubscribedEvents()
    {
        return array(
            FormEvents::PRE_SET_DATA => 'preSetData',
            FormEvents::POST_BIND => 'postBind',
        );
    }

    public function preSetData(FormEvent $event)
    {
        $user = $event->getData();
        $form = $event->getForm();

        // During form creation setData() is called with null as an argument
        // by the FormBuilder constructor. You're only concerned with when
        // setData is called with an actual Entity object in it (whether new
        // or fetched with Doctrine). This if statement lets you skip right
        // over the null condition.
        if (null === $user) {
            return;
        }

        $form->add($this->factory->createNamed('phoneNumber', 'text', $user->getPhoneNumber(), array(
            'mapped' => false,
            'read_only' => true,
        )));
    }

    public function postBind(FormEvent $event)
    {
        $user = $event->getData();
        // The User's phoneNumber property is the same even if you modified it via the browser
        var_dump($user->getPhoneNumber());exit;
    }
}

UserType.php

<?php

namespace Acme\UserBundle\Form;

use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\OptionsResolver\OptionsResolverInterface;
use Doctrine\Common\Persistence\ObjectManager;

use Acme\UserBundle\Entity\User;
use Acme\UserBundle\Listener\ReadOnlyFieldSubscriber;

class UserType extends AbstractType
{
    /**
     * EntityManager that handles persisting User entities
     * @var ObjectManager
     */
    private $em;

    public function __construct(ObjectManager $em)
    {
        $this->em = $em;
    }

    public function buildForm(FormBuilderInterface $builder, array $options)
    {
        $subscriber = new ReadOnlyFieldSubscriber($builder->getFormFactory());
        $builder->addEventSubscriber($subscriber);

        $builder
            ->add('addressStreet')
            ->add('addressCity')
            ->add('addressState', 'choice', array(
                'required' => false,
                'empty_value' => '',
                'choices' => array('CA' => 'California', 'CO' => 'Colorado'),
            ))
            ->add('addressZip')
        ;
    }

    public function setDefaultOptions(OptionsResolverInterface $resolver)
    {
        $resolver->setDefaults(array(
            'data_class' => 'Acme\UserBundle\Entity\User'
        ));
    }

    public function getName()
    {
        return 'acme_userbundle_usertype';
    }
}

read_only is not meant to make a field read only on the server side. What you probably want is disabled. The major difference between read-only and disabled fields, as defined by the HTML spec, is that read-only fields are always submitted to the server (and consequently processed), while disabled fields aren't.