PHP
Grisha Nikolsky, 2015-11-05 20:02:23

What is $_REQUEST for?

Hello. I was looking into PHP and saw the following statements:

The $_REQUEST array is the union of the $_GET, $_POST, and $_COOKIE arrays.
If you don't know by which method the value was passed, use $_REQUEST['username']

The question immediately arises - "Why then do we need $_GET and $_POST, if the information can always be obtained using $_REQUEST?"
Thanks in advance for your replies!


2 answer(s)
Stalker_RED, 2015-11-05
@VoxelGod

For starters, what POST is for.
Let's imagine that you have a site example.com and on it a form with a button that deletes an article.
On the server, of course, you check whether the user is authorized and whether he has the right to delete.
When the button is clicked, the following parameters are passed via POST:
article_id: 123
action: delete
If you receive this data on the server using $_REQUEST, then a situation is possible where an attacker does this:

<img src="http://example.com?action=delete&article_id=1">
<img src="http://example.com?action=delete&article_id=2">
<img src="http://example.com?action=delete&article_id=3">
<img src="http://example.com?action=delete&article_id=4">

He publishes such "pictures" right here in the comments on Toster.
Your browser will of course try to fetch these pictures, and will make these requests with YOUR rights.
If you are reading from $_POST, this trick will not work. In addition, the data sent via POST will not get into the browser history or into the logs of the Wi-Fi access point or router through which you are connected. The URL will end up there, but the POST data will not. Unlike GET.
And $_REQUEST exists for convenience. For example, you have a search form that can work through both POST and GET. This is useful when the user can copy the URL with the search query.
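
The difference described in the answer above, as an added example that is not part of the original post: the same delete handler reading merged GET and POST data (as $_REQUEST does) next to one that requires the POST method and reads only the body. The function names, the array-shaped request and the csrf_token field are assumptions of this example; the token check goes beyond what the answer states and is the usual companion to a POST-only handler.

```php
<?php
declare(strict_types=1);

// Constructed input: what the server receives when a browser loads
// <img src="http://example.com?action=delete&article_id=1"> (a GET, empty body).
$imgRequest = ['method' => 'GET', 'post' => [],
               'get' => ['action' => 'delete', 'article_id' => '1']];
// Constructed input: the real form, submitted by clicking the delete button.
$formRequest = ['method' => 'POST', 'get' => [],
                'post' => ['action' => 'delete', 'article_id' => '123']];

// Weak: reads the merged data, as $_REQUEST would, so the source is ignored.
function handleWithRequest(array $r): string
{
    $request = array_merge($r['get'], $r['post']); // stand-in for $_REQUEST
    if (($request['action'] ?? '') === 'delete') {
        return 'deleted article ' . (int) ($request['article_id'] ?? 0);
    }
    return 'nothing done';
}

// Stricter: POST method only, body only (stand-in for $_POST), plus a token
// that must match the one stored server-side for this session (assumption).
function handleWithPost(array $r, string $sessionToken): string
{
    if ($r['method'] !== 'POST') { // real app: $_SERVER['REQUEST_METHOD']
        return 'rejected: state change requires POST';
    }
    $post  = $r['post'];
    $token = $post['csrf_token'] ?? '';
    if (!is_string($token) || !hash_equals($sessionToken, $token)) {
        return 'rejected: bad CSRF token';
    }
    $id = filter_var($post['article_id'] ?? null, FILTER_VALIDATE_INT);
    if (($post['action'] ?? '') !== 'delete' || $id === false) {
        return 'rejected: bad parameters';
    }
    return 'deleted article ' . $id;
}

$sessionToken = bin2hex(random_bytes(16)); // real app: generated once, kept in $_SESSION
$formRequest['post']['csrf_token'] = $sessionToken; // hidden field in the form

echo handleWithRequest($imgRequest), PHP_EOL;              // image tag, merged read
echo handleWithPost($imgRequest, $sessionToken), PHP_EOL;  // image tag, strict read
echo handleWithPost($formRequest, $sessionToken), PHP_EOL; // real form, strict read
```

Run it with the PHP CLI: the image-tag request deletes an article through the merged read and is rejected by the strict handler, while the real form submission goes through.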

Sergey, 2015-11-05
Protko @Fesor

POST / GET are needed just to find out how this data was transferred. And REQUEST - when we don't care.
In general, I recommend that you never use all these things and arm yourself with HttpKernel or PSR7
