If your register globals isn't off, and you haven't taken the proper means to secure your code, your visitor may send variables that you do not want them to. Lets see, for example...
echo "Welcome to the Credit Card Management System. Click here to proceed";
// Return visitor home with no authorizations.
So, whats so bad? Well, if register globals is on, and you haven't secured what can pass through your script, in order to access your CC Management system (this is an example, hope nobody has really done something like this...), you would need to send your uri as http://yoursite.com/yourscript.php?allowedaccess=1
Tada, complete control. This is assuming that they know the url and variables required. Sure, there are more simplistic methods around of gathering whats allowed and whats not, but I personally use a global feature with allowed arrays to pass through. The easiest way I can think of to help prevent such attacks if say your register globals are on (which I personally find a lot of servers doing), is to unset whats important. So, at the very beginning the the code snippet, your would have
This way if its sent, its ignored.