Imagine you're building a website, and you want your users to confirm their email addresses. So you send them a link:
http://example.com/confirm-email/abc-123
They click the link, and if the token is valid: success! The email address is verified.
But what if your user is a banker, and his email is scanned for viruses? And what if the automatic scanner follows links?