In my Rails Best Practices slides, I only give simple code without any description (unless you heard my talk :p), so let me explain here.
My point is: “If you use RESTful design, you should NOT use the default route.” Why?
You expect only “PUT /users/1” to update user data, but because you keep the default route, “GET /users/update/1?user[email]=firstname.lastname@example.org” still works!!
In the same way, “GET /users/create” and “GET /users/destroy/1” work too!! Even worse, these GET requests can create/update/destroy data without Request Forgery Protection :/ Rails does not check CSRF for HTTP GET.
Conclusion: Remove the default route, use purely resource-based routes, and add named routes for special purposes.
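To make the point concrete, here is an added example (my own illustration, not Rails code): a tiny Ruby model of the Rails 2 route table that resolves a request with and without the default route and reports whether the CSRF check guards it. The route tables and helper names are constructed for this illustration.

```ruby
# Added example, not Rails internals: models how a Rails 2 route table
# resolves a request, to show why `map.connect ':controller/:action/:id'`
# undoes the verb restrictions of `map.resources :users`. Constructed for illustration.

# What `map.resources :users` generates: each action is bound to one HTTP verb.
RESOURCE_ROUTES = [
  ["GET",    %r{\A/users\z},       "index"],
  ["POST",   %r{\A/users\z},       "create"],
  ["GET",    %r{\A/users/(\d+)\z}, "show"],
  ["PUT",    %r{\A/users/(\d+)\z}, "update"],
  ["DELETE", %r{\A/users/(\d+)\z}, "destroy"],
].freeze

# The default route: no verb restriction, any public action name is reachable.
DEFAULT_ROUTE = %r{\A/(\w+)/(\w+)(?:/(\d+))?\z}

# Resolve a request to an action name, or nil when nothing matches. Resource
# routes are tried first (as in routes.rb); the default route is the catch-all.
def resolve_action(verb, path, keep_default_route:)
  path = path.split("?", 2).first # the query string plays no part in routing
  RESOURCE_ROUTES.each do |route_verb, pattern, action|
    return action if route_verb == verb && pattern.match?(path)
  end
  if keep_default_route && (m = DEFAULT_ROUTE.match(path)) && m[1] == "users"
    return m[2] # "/users/update/1" -> "update", whatever the verb was
  end
  nil
end

# protect_from_forgery verifies the authenticity token only on non-GET requests.
def csrf_token_verified?(verb)
  verb != "GET"
end

# Summarise which action a request reaches and whether the CSRF check guards it.
def dispatch(verb, path, keep_default_route:)
  action = resolve_action(verb, path, keep_default_route: keep_default_route)
  return nil unless action
  { action: action, csrf_checked: csrf_token_verified?(verb) }
end

if __FILE__ == $PROGRAM_NAME
  [["PUT", "/users/1"], ["GET", "/users/update/1?user[email]=x@example.org"],
   ["GET", "/users/destroy/1"]].each do |verb, path|
    kept    = dispatch(verb, path, keep_default_route: true)
    removed = dispatch(verb, path, keep_default_route: false)
    puts "#{verb} #{path}: default route kept -> #{kept.inspect}, removed -> #{removed.inspect}"
  end
end
```

With the default route kept, the GET requests resolve to update/destroy with `csrf_checked: false`; with it removed they resolve to nothing, while `PUT /users/1` still reaches update under the CSRF check.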