While much of the previous post is accurate, the assertion that POST is secure is not. POST is most definitely not secure. Even though the parameter data is not passed on the URL, it is passed as clear text in the request body and is no more secure than passing that same data on the URL.
I would like to know if there can be any other way of passing the sensitive form data to the server without exposing them in the message body or URL. HTTPS specification is the only alternative to this?