In zabbix frontend code we use "$_REQUEST" PHP global variable which contains data provided by both HTTP methods - POST and GET. Which provides possibility to login with url

zabbix/index.php?request=&name=login&password=passw0rd&autologin=1&enter=Sign+in

Yes, it provides some flexibility if someone really needs to login using GET method, for example from a custom web page etc.
But for other people the GET method availability may be considered as a security issue and they would want to disable it, preferably through some configuration parameter.