A friend of mine sent me a link to the Wikipedia article describing the cross-site request forgery attack.
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF ("sea-surf"[1]) or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.[2] Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.
(source Wikipedia)
This is how the attack is performed:
<img src="http://bank.example/withdraw?account=bob&amount=1000000&for=mallory">
Note how simple this is! And the end user won't see anything, not even an image :).
This illustrates why, when implementing REST in your services, it is so important that GET requests only read data and never change it.
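To make the GET-is-read-only rule concrete, here is an added example (not from the original post or from any real bank's code): a small dispatcher in which the state-changing /withdraw route is registered for POST only, so the image-tag request shown above gets a 405 and no balance changes. The route names, the `dispatch` helper and the account balances are assumptions made up for illustration.

```javascript
// Added example. Constructed sample balances; all names are hypothetical.
const accounts = new Map([['bob', 5000000], ['mallory', 0]]);

// Route table: each path lists the methods it accepts. State changes are
// registered under POST only; the GET handler never modifies `accounts`.
const routes = {
  '/balance': {
    GET: (p) => ({ status: 200, body: { balance: accounts.get(p.get('account')) ?? null } }),
  },
  '/withdraw': {
    POST: (p) => {
      const from = p.get('account');
      const to = p.get('for');
      const amount = Number(p.get('amount'));
      const valid = accounts.has(from) && accounts.has(to) &&
        Number.isInteger(amount) && amount > 0 && amount <= accounts.get(from);
      if (!valid) return { status: 400, body: { error: 'invalid transfer' } };
      accounts.set(from, accounts.get(from) - amount);
      accounts.set(to, accounts.get(to) + amount);
      return { status: 200, body: { balance: accounts.get(from) } };
    },
  },
};

// Dispatch one request. POST parameters are read from the body only, so a
// query string smuggled onto a POST URL is ignored as well.
function dispatch(method, rawUrl, body = '') {
  const url = new URL(rawUrl, 'http://bank.example');
  const route = routes[url.pathname];
  if (!route) return { status: 404, headers: {}, body: { error: 'not found' } };
  const handler = route[method];
  if (!handler) {
    // Tell the client which methods are valid instead of silently acting.
    const allow = Object.keys(route).join(', ');
    return { status: 405, headers: { Allow: allow }, body: { error: 'method not allowed' } };
  }
  const params = method === 'GET' ? url.searchParams : new URLSearchParams(body);
  return { headers: {}, ...handler(params) };
}

// The request a browser would send for the <img> tag above: rejected.
const forged = dispatch('GET', '/withdraw?account=bob&amount=1000000&for=mallory');
console.log(forged.status, forged.headers.Allow, accounts.get('bob'));
```

Keeping GET read-only removes the image-tag variant shown here; a cross-site form can still submit a POST, so this rule complements an anti-CSRF token rather than replacing one.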