I end up using some kind of state machine just about every time I build a web app. If you're just tossing PHP together to make something work, you might never happen upon a pattern like that, but as a professional developer these things definitely shouldn't be a mystery, even if you "just" build web apps.
Like all things, state machines can be overused and over abused, even during times when they are not ideal.
For HTTP to work best, you should try and keep it as stateless as possible. Keeping state consistent between multiple servers is very much non-trivial. If your web app takes off and needs to be scaled to more than 1 server, design choices such as state machines can really cause you very nasty issues down the line. You either have to keep state across a memcache system, which can get wonky with multiple requests hitting multiple servers, or you have to keep the state encoded inside a cookie which opens up security issues.
Sticking to stateless webapps is nearly always a better choice. Check out some guides to RESTful services to get started.
"new", "approved-by-other-user", "verified-by-admin", "hidden", "promoted".
I agree that at the HTTP level you shouldn't be using FSMs.
They also work great for transactional resources like a shopping cart order.