If a method is defined as SAFE (e.g. HEAD or GET), it means that they are intended only for information retrieval and should not change the state of the server in any way. In other words, they should not have any side effects at all.
Unsafe methods (like POST, PUT and DELETE) will change the state of the server. POST submits data to be processed. PUT uploads a resource. DELETE deletes a specific resource.
And then there is the concept of idempotent methods. To be idempotent simply means that multiple identical requests should have the same effect as a single request. A safe method is inherently idempotent because it does not change server state. You can't have a negative side effect if there are no side effects at all. Easy enough. Where it gets confusing is when we get into the unsafe methods. Let consider them.
If you have a PUT method, you are basically saying that you have something you want to upload to the server. If you do this once, the resource will exist on the server. If you do this ten times, the file will still exist on the server. No negative side effects, so therefore the method is idempotent.
If you use a DELETE method, you are removing a specified resource from a server. If you run it once, then the resource (if it existed at all) will no longer exist on the server. If you run it ten times... well, it still doesn't exist on the server. No negative side effects, therefore the method is idempotent.
If you have a POST method, then you are sending data to be processed. If you run it once, the data is processed on the server. The server state can be changed based on both the data supplied and the current state of the server. If you run it ten times, the way the data is processed can change each and every time, possible resulting in negative side effects. Therefore the method is idempotent.
I hope that helped. This was a pretty confusing area for me too. If you would like, I can post examples of all three to further explain.
[ December 19, 2006: Message edited by: Paul Bourdeaux ]