Adding security warning to properly specify HTTP verbs in Routing documentation?

This article (
routes-match-is-evil.html) explains why an overly liberal
specification of the HTTP verbs that a URL accepts can lead to CSRF
security exploits. He also submitted a patch removing the
"match ':controller(/:action(/:id))'" from appearing in the default

However, this idiom is constantly used in the Non-Resourceful routing
section of the routing guide (
routing.html). Agreed that the routing is non-resourceful, so it does
not have to adhere to the same standards, but nonetheless, any routing
that changes server-side data without an authenticity token is
insecure. I feel there should be a warning and a discussion of the
issue in the routing guide.
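
An added example, not part of the original post or of the Rails guides: a small Ruby check that scans routes text for `match` calls that leave the HTTP verb unrestricted, the pattern discussed above. Rails does not verify the authenticity token on GET requests, so such a route lets a data-changing action be reached without one. The `audit_routes` helper and the sample routes are constructed for illustration, and the check assumes one route per line.

```ruby
# Added example: flag `match` routes that leave the HTTP verb unrestricted.
# Assumes one route per line. ROUTES_SAMPLE is constructed, not from a real app.
ROUTES_SAMPLE = <<~'ROUTES'
  match ':controller(/:action(/:id))'
  match 'accounts/:id/close' => 'accounts#close'
  match 'accounts/:id/close' => 'accounts#close', :via => :post
  match 'photos/search' => 'photos#search', via: [:get]
  # match 'legacy/:action' => 'legacy'
  get 'about' => 'pages#about'
  match 'orders/:id/cancel', to: 'orders#cancel', via: :all
ROUTES

Finding = Struct.new(:line_no, :reason, :source)

VIA_KEY = /(?::via\s*=>|\bvia:)/        # old (:via =>) and new (via:) hash syntax
VIA_ALL = /#{VIA_KEY}\s*\[?\s*:all\b/   # verb list that explicitly means "every verb"

# Return one Finding per `match` route that accepts every HTTP verb.
def audit_routes(text)
  findings = []
  text.each_line.with_index(1) do |raw, line_no|
    line = raw.strip
    next if line.empty? || line.start_with?('#')   # skip blanks and commented-out routes
    line = line.sub(/\s+#.*\z/, '')                # drop a trailing comment, keep 'ctrl#action'
    next unless line.match?(/\Amatch\b/)           # get/post/put/delete helpers pin the verb
    if !line.match?(VIA_KEY)
      findings << Finding.new(line_no, 'no via option: answers GET as well as POST', line)
    elsif line.match?(VIA_ALL)
      findings << Finding.new(line_no, 'via :all: answers GET as well as POST', line)
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  audit_routes(ROUTES_SAMPLE).each do |f|
    puts "line #{f.line_no}: #{f.reason}\n    #{f.source}"
  end
end
```

Each flagged route is a candidate for an explicit verb restriction (for example `:via => :post`) when its action changes server-side data.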