For instance, if doing user authentication, if we were to send the password and other authentication information via a GET, it could be cached,

One of the reasons it should not be cached is that authentication does change state on the server - it usually creates a session, and stores the "this user is logged in" information in the session.

Of course security is another reason, but your example shows that not all state changes are obvious ;-)