It's worth noting that POST variables are only slightly hidden. It's only marginally more secure than GET (namely, POST variables don't show up in HTTP REFERER when you link to other sites). Login forms should generally use POST.
It's generally recommended that POST be used for forms that cause some kind of change (alter a database, submit a post to a forum, etc), while GET be used for things that don't (search results, for example). Some browsers take advantage of that distinction and warn you if you are about to re-submit a POST page (by clicking back, for example) so you won't accidentally double-submit.
GET may have limits on how much data you can submit. You can submit 1k worth of data reliably; often you can submit more but it depends on the browser and the web server, and possibly any firewalls/proxys in between. File uploads must use POST.
[edit]
If you can see the form variables in the URL, they didn't come from a POST form. If you put the variables in the "action" URL of the form, they will show up in the URL even if the type is POST.
