I have seen mant a times this parameter is set to off on php.ini
What would happen if this is set to off.
Some of my clients get errors while installing shopping cart.
Is there any major security risk if set to on ?
You have a good question here. When you set register_globals to off you are going to have more built in security at the expense of your scripts that required registered global vars. Since PHP4.2.0 the default has been to set register_globals to 'off'.
PHP.net has a fine write up on registered_globals and your time would be much better spent reading this link than my post.