> He brought up the root cause -- that security could be beaten by disabling cookies and javascript

Wouldn't the root cause be allowing GET requests to perform destructive actions?



I think the authentication problem is more dangerous. If you fix the GET issue, you're still allowing any savvy stranger to delete your articles by hand.


There are two problems.

1: disabling cookies bypasses security checks

2: a GET request is not side-effect free

The root cause is the combination of both issues.


There is no more security in DELETE than there is in GET. Using DELETE over GET would only decrease accidental changes.
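An added illustration of the two problems the thread describes, written for this page rather than taken from the site under discussion: a toy handler whose auth check only runs when a cookie is present and whose deletion fires on GET, beside a version that checks the session unconditionally and refuses GET. Names, session value and article ids are constructed.

```python
# Added example, not code from the thread or the site discussed.
# Framework-free: a request is a plain dict, so it runs offline.

VALID_SESSION = "sess-owner"   # constructed sample session id


def vulnerable_delete(request, articles):
    """Problem 1: the check is skipped entirely when no session cookie is sent,
    so a client with cookies disabled is never challenged.
    Problem 2: the side effect happens on GET, so any link, prefetch or
    <img src> to this URL performs the deletion."""
    if request["method"] != "GET":
        return 405
    cookie = request["cookies"].get("session")
    if cookie is not None and cookie != VALID_SESSION:
        return 403                     # only a *wrong* cookie is rejected
    articles.pop(request["article"], None)
    return 200


def hardened_delete(request, articles):
    """Fix both issues: require a valid session no matter what was sent,
    and only act on a non-GET method so browsers do not trigger it by
    following a link. As the thread notes, the method change alone adds no
    authorization; the unconditional session check is what does."""
    if request["method"] not in ("POST", "DELETE"):
        return 405
    if request["cookies"].get("session") != VALID_SESSION:
        return 401                     # missing cookie is rejected too
    if request["article"] not in articles:
        return 404
    del articles[request["article"]]
    return 200


def demo():
    """Constructed requests: an anonymous GET and an authorised POST."""
    anon_get = {"method": "GET", "cookies": {}, "article": "a1"}
    owner_post = {"method": "POST", "cookies": {"session": VALID_SESSION},
                  "article": "a1"}
    store = {"a1": "owner", "a2": "owner"}
    vulnerable_delete(anon_get, store)        # a1 is gone, no auth needed
    results = {"after_vulnerable": sorted(store)}
    store = {"a1": "owner", "a2": "owner"}
    results["hardened_anon"] = hardened_delete(anon_get, store)
    results["hardened_owner"] = hardened_delete(owner_post, store)
    results["after_hardened"] = sorted(store)
    return results
```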



