This is slightly offtopic, but I found out recently that Amazon Wish Lists are rather useful if you need to track down an owner of an e-mail, who doesnt want to be found.
Google was drawing blanks, then using Pipl the only hit was Amazon Wish List, from which I found the full name, after that Google took over.
I suppose the owner of the e-mail address could have used a fake name for the wish list, but usually people do not.
The article lists several lessons learned from this, but really there's only one huge issue: stop using GET to modify state that the user cares about! Use POST! It's not hard! Or rather, it's less hard than dealing with the subtle problems that crop up when you use GET when you should have used POST.
I think it is. Someone could add a bunch of porn to my Amazon wishlist. But they probably won't.