HTTP GET versus POST controversy in light of Google Web Accelerator fiasco and How Google can solve it

Web applications requiring authentication and yet not opting for SSL are normally of low security types like Bulletin Board or little tiny todo lists etc., nothing earth shattering. If you are choosing HTTP connection, you are implying that your security needs are low or you are really really dumb.

Let me narrate a story from long time back. A King, name forgotten, got himself hurt while walking on the street. He got angry. He ordered his minister to cover the streets with soft clothes. This way he wouldn’t hurt himself again. A grand plan indeed. Soon the minister realized they are short of materials and by a large margin. So he politely suggested the King to wrap up his feet instead and thus shoes were born.

The moral of the story is it is easier to correct yourself then the rest of the world. And correctness is often relative. Microsoft did that with Internet Explorer, being lenient on the web developers by accepting almost anything passed to it.

How Google can wrap her feet or solve this problem?
Google can stop pre-fetching when it accesses any password protected page, pages protected by basic authentication.

Most application these days uses cookie based authentication. It is hard, if not impossible for Google to know if the cookie is being used for authentication. It should take a safe stance and avoid pre-fetching whenever it finds cookies. This will somewhat reduce the effectiveness of GWA. However it solves the pre-fetching controversy in the simplest possible way.