<img src="/?node_id=109;op=logout" /> isn't very nice, it will probably log out anybody who tries to load the image.

Even if perlmonks has some kind of protection against that, many web applications don't. Every action that can be done with GET request can be triggered, and that's often change of email address, write an article or even delete a user.