"The problem with the GWA is not that you can protect against it. It's not whether Rails makes it easy or not to do so. It's the fact that we know the Real Web doesn't behave uniformly like this. It's the fact that we know that the world of applications that exist with state-altering GETs out there is huge and not going to change tomorrow.What a pain in the ass.
"To willfully release an application that wrecks havoc, potentially wiping data left and right, is malicious. Especially when you consider the gains: Your web experience may or may not get a little bit faster. Are you kidding?! The sense of proportions, of gain vs risk, of price vs reward, is completely and utterly out of whack."