The inventors of HTTP imagined very different purposes for GET and POST; they should not be considered interchangeable even though you can often make them so. Google for "REST architecture" or try this WikiPedia introduction. [ January 04, 2006: Message edited by: Stan James ]
A good question is never answered. It is not a bolt to be tightened into place but a seed to be planted and to bear more seed toward the hope of greening the landscape of the idea. John Ciardi
To turn things around a little: If you have sensitive data you don't want to make visible by appending it to the URL, you can put it in "hidden" form fields. They still go to the server, but as form fields instead of a URL string. This has the effect of making them invisible in a browser's address field. Of course, they're not encrypted or anything, and would still be accessible to a determined snooper. But hiding data via POST has the advantage of preventing dumb questions from users, like "what's all that stuff at the end of the URL?"