Currently, some changes like patrolling or reverting can be achieved by GET requests. This is unfortunate because usually you don't expect a link changing content.
Some browsers offer automated link-checker-plugIns/addOns. They iterate over all links they find on one page to see whether the contents are available or whatever. Unfortunately the requests are sent with the session cookies.
The issue are the revert links in the watch list and other lists.
Recently a user unintentionally reverted all edits (where possible) included in their watch list.