Even if the request method is post, you can write a PHP script to post the data, and it will be still exploitable. If I am wrong, correct me =)