Change default options to promote secure connections

[neocotic]

When support for JSON requests was added in 2.1.0, JSONP was kept as the default format to avoid it being a breaking change.

However, since this means that credentials are sent in the clear (by design, for JSONP), we should promote secure connections by changing the default options to the following:

{
  format: 'json',
  method: 'POST'
}

[neocotic]

I believe that the default value for the method option should be based on the value resolved for the format option:

format	Default for method
json	POST
jsonp	GET