The GET verb protocol should only get data and never modify or delete data. Calling GET twice in a row should always return the same result. Orchard violates this by allowing Edit and Delete through GET requests. For example (from IIS logs):
We made the unfortunate mistake of giving our search crawler edit access and everything in our site got deleted because the crawler found the delete URLs and executed them as a GET. The GET request should not have modified data, and if Orchard had followed
standard protocols, we may have had a lot of unfortunate content, but we at least would not have had our content wiped out.