This flag enables the default early data behavior in a typical web browser. GETs and HEADs are safe and we already retry / replay them in certain situations. We could also support QUERY when that becomes a standard.
The risk is more on the server side: whether it has mitigations against replay attacks and whether it is managing the keys securely. We don't think the client needs to spend much effort determining on an individual request basis whether they are safe to put in early data or not.