in reply to Re^3: Let users link in a javascript library (required)
in thread Let users link in a javascript library

My impression is that the allowed tags are already pretty much where they can and should be.
In my previous response, I was assuming you meant just the Perl Monks Approved HTML Tags. I'd forgotten there were the additional tags allowed for homenodes. What are your concerns about external imgs? They'd allow ipaddr logging; is there any other concern?

Re^5: Let users link in a javascript library (required)
by moritz (Cardinal) on Apr 16, 2008 at 19:58 UTC
    Cross-site request forgery.

    Since most users allow the browser to load images, an external image can be used to trigger a GET request to an arbitrary URL, and the browser sends all session cookies of the target domain to that URL, without any interaction from the user.

    While state changes on the server side should not be triggered by GET requests, they often are. So it's safer to forbid them.

      I don't get the (ab)use case. A monk sets up an external img; another monk visits the homenode and their cookies from that external site are sent to the external site? Can you explain the problem?

        If that remote URL is an application/javascript file, I think that versions of IE will run it, and likely within the Perlmonks security context.

        If that remote URL redirects back to Perlmonks, it can alter user settings, at least if there are holes left open here where we allow setting of vital things via GET.

        <img src="/?node_id=109;op=logout" /> isn't very nice; it will probably log out anybody who tries to load the image.

        Even if perlmonks has some kind of protection against that, many web applications don't. Every action that can be done with a GET request can be triggered, and that's often changing an email address, writing an article, or even deleting a user.
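The mechanism moritz describes (a browser fetching an `<img src>` with a plain GET and attaching the site's cookies) and the fix he recommends (no state change on GET) are easy to see side by side in a small model. The following is an added example written for this thread, not PerlMonks code; the dispatcher `handle_request`, the session store `SESSIONS`, the `csrf_token` form field and the `/?node_id=109;op=logout` URL from the post are all constructed for the demonstration. With `hardened=False` the dispatcher runs any `op` on a bare GET, so the image load logs the visitor out; with `hardened=True` state-changing operations require a POST carrying a token that matches the one stored in the session, so the image load is refused and the session survives.

```python
import re
import secrets

# Constructed in-memory session store: cookie value -> session state.
SESSIONS = {}

# Operations that change server state. Per the thread, these must not run on GET.
STATE_CHANGING = {"logout", "set_email"}


def new_session(user):
    """Create a logged-in session and return its cookie value (constructed)."""
    sid = secrets.token_hex(8)
    SESSIONS[sid] = {"user": user,
                     "email": f"{user}@example.invalid",   # constructed value
                     "csrf": secrets.token_hex(16)}         # per-session token
    return sid


def parse_query(url):
    """Split a URL's query string into a dict, accepting both '&' and ';'
    as separators (the URL quoted in the thread uses ';')."""
    query = url.partition("?")[2]
    out = {}
    for pair in re.split(r"[;&]", query):
        if "=" in pair:
            key, value = pair.split("=", 1)
            out[key] = value
    return out


def handle_request(method, url, cookies, form=None, *, hardened=True):
    """Hypothetical dispatcher. With hardened=False it follows the pattern the
    thread warns about: any op, including logout, runs on a bare GET.
    With hardened=True, state-changing ops require POST plus a csrf_token
    field equal to the session's token. Returns (status, message)."""
    form = form or {}
    sess = SESSIONS.get(cookies.get("sid"))
    if sess is None:
        return 401, "no session"
    op = parse_query(url).get("op") or form.get("op")
    if op is None:
        return 200, f"hello {sess['user']}"
    if hardened and op in STATE_CHANGING:
        if method != "POST":
            return 405, "state change requires POST"
        # Constant-time comparison; a missing token compares as "".
        if not secrets.compare_digest(form.get("csrf_token", ""), sess["csrf"]):
            return 403, "bad or missing CSRF token"
    if op == "logout":
        del SESSIONS[cookies["sid"]]
        return 200, "logged out"
    if op == "set_email":
        sess["email"] = form.get("email", "")
        return 200, "email updated"
    return 404, "unknown op"


def browser_loads_img(src, cookie_jar, *, hardened=True):
    """Model of the behaviour moritz describes: the browser fetches <img src>
    with a plain GET and attaches the site's cookies, without the user
    doing anything."""
    return handle_request("GET", src, cookie_jar, hardened=hardened)


if __name__ == "__main__":
    jar = {"sid": new_session("alice")}
    print("legacy: ", browser_loads_img("/?node_id=109;op=logout", jar, hardened=False))
    jar = {"sid": new_session("alice")}
    print("hardened:", browser_loads_img("/?node_id=109;op=logout", jar))
```

The `hardened` branch enforces both halves of the advice in the thread: the method check alone stops the `<img>` trick, since an image load is always a GET, and the per-session token is what stops the same action being triggered by an auto-submitting form on another site, which a method check by itself would not catch.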