If you accept GETs to perform write operations then a malicious hacker could inject somewhere links to perform an unauthorized operation. Your user clicks on a link - and something is deleted from a database. Or maybe some amount of money is transferred away from the user's account if he's still logged in to their online banking.

http://superbank.com/TransferMoney?amount=1000&recipient=2342524

Send a malicious email with an embedded image referencing this link, and as soon as the document is opened, something funny has happened behind the scenes.

There is atleast one situation where you want a GET to change data on the server. That is when a GET returns data, and you need to record which data was given to a user and when it was given.

If you use complex data types then it must be in a POST it cannot be in a GET. For example testing a WCF web service in a browser can only be done when the contract uses simple data types.

Using GET and POST where it is expected helps to keep your program understandable.

There is a nice paper by the W3C about this: URIs, Addressability, and the use of HTTP GET and POST.

1.3 Quick Checklist for Choosing HTTP GET or POST

• Use GET if:
  • The interaction is more like a question (i.e., it is a safe operation such as a query, read operation, or lookup).
• Use POST if:
  • The interaction is more like an order, or
  • The interaction changes the state of the resource in a way that the user would perceive (e.g., a subscription to a service), or
  • The user be held accountable for the results of the interaction

When you use POST, you can see the information being "posted" in the address-bar of the web browser. This is [apparently] not the case when you use the GET method.

This article was somewhere on http://www.w3schools.com/ Once I've found the exact page it was on, I'll repost. :-)

Because, if you use GET to alter state, Google can delete your stuff.

GET is limited by the length of URL the browser/server can handle. This used to be as short as 256 characters.