In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe".
As Don points out, SHOULD NOT is not at all the same as MUST NOT. There is this, also quoted by Don:
Naturally, it is not possible to ensure that the server does not generate side-effects as a result of performing a GET request; in fact, some dynamic resources consider that a feature.
The important distinction here is that the user did not request the side-effects, so therefore cannot be held accountable for them.
I'm with Don on this one though - the user in this case is a bot, not the person in front of the screen. Most people who are using applications with unsafe GETs are not, in fact, internet spec experts, and have no idea that the bot they installed - the one promising faster page loads - is busy hitting all sorts of page links that may have side effects.
An interesting question at this point would be - how many internet banking sites have unsafe GETs embedded in them? If there are any, I rather expect that the first GWA interaction with one of those will be interesting, to say the least...