Thursday, August 11. 2005
During the last few months, more and more self-proclaimed PHP security experts have started spreading the FUD that register_globals is evil and that you should always switch it off when you develop or deploy an application. This has resulted in vendors ignoring or playing down vulnerabilities that are only exploitable when register_globals is turned on. Even when their own hoster has this option activated, they claim the vulnerability is in PHP's register_globals and not in their application.
I strongly disagree with this kind of argumentation, and because I see similarities with the actions of a certain big software company, I usually refer to it as Trustworthy PHPing.