someone can gain access to pages you want secure by using something like
www.domain.com/admin.php?logged=1
if you have a variable named $logged for a session, it could let them into the admin area, however if you access the session variable with $_SESSION['logged'], they won't be able to do that, it is just best to turn register_globals off, then you will make sure of security and your code will work regardless if it is off or on.
