Ok in this post regarding image handler 3 in the
"Confirmed working mods in Zen Cart 1.5" thread

Kuroi says

Quote Originally Posted by kuroi View Post
Clyde has addressed the page registration requirement, but our analysis of it has shown that it also has destructive GET actions - one of the potential security vulnerabilities addressed extensively in 1.5, and which are a tad more complex to deal with.

Indeed that's going to be one of the challenges going forward in a PCI-certified world: understanding "it works" v "it's secure".
What exactly does that mean, as when i look at the code the vast majority of the gets are in the php code and not available to the frontend user to manipulate, i am not doubting or dissing Kuroi in anyway, he knows way more than me, I just don't understand what is wrong with the GETs, i have attempted to read the PCI specs but well I can't make sense of them they seem vague in parts and obtuse in others.

What should i be looking at replacing "Get"s with that would be PCI complant, If i was working on a mod, is it specific usages of the GET action?or is it the whole GET action that is the problem?