And while you're reading that, note that using POST just to "hide" the data is an abuse of HTTP. POST should be used for requests that have side-effects: amongst other things that means that a GET request with a given URL should usually give the same response (within some reasonable time-limit), while a POST request doesn't have to. It also explains why conforming browsers should give a warning when you try to reload a page that was produced from a POST request.

Of course. for logging in to a system, a POST request is appropriate.