A friend of mine sent me a link to the Wikipedia article describing the Cross-site request forgery attack.
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF ("sea-surf") or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.
This is how the attack is performed:
Note how simple this is?! And the end user won't see anything, not even the image :).
This illustrates why it is so important, when implementing REST in your services, to make GET requests read-only: a GET must never change state.