register_globals = on; suicidal

Yes, unless care is taken while coding. Imagine register globals is on and a include uses a variable from the user submission or from coded in urls like page.php?v=mod/login.php, well this can be manually rewritten to page.php?v=, which will eventually force php to include the remote hostile code into your code.. and provide a method for cunning, hackers to check, inspect or even alter the content.

Check Point Software