Adding security warning to properly specify HTTP verbs in Routing documentation?

This article (http://homakov.blogspot.com/2012/04/whitelist-your-
routes-match-is-evil.html) explains why an overly liberal
specification of the HTTP verbs that a URL accepts can lead to CSRF
security exploits. He also submitted a patch removing the
"match ':controller(/:action(/:id))" from appearing in the default
routes.rb

However, this idiom is constantly used in the Non-Resourceful routing
section of the routing guide (http://guides.rubyonrails.org/
routing.html). Agreed that the routing is non-resourceful, so it does
not have to adhere to the same standards, but nonetheless, any routing
that changes server-side data without an authenticity token is
insecure. I feel there should be a warning and a discussion of the
issue in the routing guide.