
ASP.NET AJAX 1.0 avoids JSON Hijacking

JSON security has been a known issue for a long time. Researchers found that attackers use the JSON wire format, which most popular AJAX frameworks use, to try to exploit cross-domain scripts within browsers. Specifically, these attacks use HTTP GET requests invoked via an HTML script include element to circumvent the "same origin policy" enforced by browsers (which limits JavaScript objects like XmlHttpRequest to only calling URLs on the same domain that the page was loaded from), and then look for ways to exploit the JSON payload content.

This problem was solved by ASP.NET AJAX 1.0.
One of the features of ASP.NET AJAX is that it does not enable HTTP GET requests by default.
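
The default described above, modelled as a small request gate. This is an added example, not ASP.NET AJAX code; the endpoint paths, the `allowGet` flag and the 405 status are assumptions made for illustration.

```javascript
'use strict';

// Constructed endpoint table: GET is off unless an endpoint opts in explicitly.
const endpoints = {
  '/svc/GetAccountSummary': { allowGet: false, handler: () => ({ balance: 1200 }) },
  '/svc/GetPublicTags': { allowGet: true, handler: () => ['news', 'sports'] },
};

// Decide whether a request may receive a JSON body.
// POST is always accepted; GET only when the endpoint has opted in.
function handleJsonRequest(table, req) {
  const endpoint = table[req.path];
  if (!endpoint) return { status: 404, body: null };
  const verb = String(req.verb || '').toUpperCase();
  const allowed = verb === 'POST' || (verb === 'GET' && endpoint.allowGet === true);
  if (!allowed) return { status: 405, body: null }; // status code is an assumption
  return { status: 200, body: JSON.stringify(endpoint.handler()) };
}

// Review helper: endpoints whose JSON a script include (GET only) could load.
function getReachableByScriptInclude(table) {
  return Object.keys(table).filter((path) => table[path].allowGet === true).sort();
}

// Constructed requests. A script include can only issue GET;
// XmlHttpRequest on the page's own domain can issue POST.
const sampleRequests = [
  { source: 'script include', verb: 'GET', path: '/svc/GetAccountSummary' },
  { source: 'same-domain XmlHttpRequest', verb: 'POST', path: '/svc/GetAccountSummary' },
  { source: 'script include', verb: 'GET', path: '/svc/GetPublicTags' },
];

function runSamples() {
  return sampleRequests.map((r) => ({
    source: r.source,
    path: r.path,
    status: handleJsonRequest(endpoints, r).status,
  }));
}

console.log(runSamples());
console.log('GET-enabled endpoints to review:', getReachableByScriptInclude(endpoints));
```

Any endpoint listed by `getReachableByScriptInclude` should return only data that is safe to expose to other sites.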

More about ASP.NET AJAX 1.0 can be read in "ASP.NET AJAX 1.0 avoids JSON Hijacking".