If we are talking about a perfect solution, converting to POSTs won't cut it either. You can place a button on a site a which transfers data to site b. Sometimes it's a feature (vote here for our site), sometimes it's an exploit.
(Javascript may be another issue here? Can I issue post requests from Javascript?)
I suggest we add Barry's code to the stock release, issue a patch (request-processor-procs.tcl is stable over many versions of OpenACS), and then try to wiggle out a perfect solution.
