If magic_quotes were used for security in the first place (they shouldn't be), then yes, removing might open up new risks. On the other hand, leaving magic quotes in place for security purposes IS a security risk.
You ALWAYS need to handle unsafe data in an appropriate way. All data that is beyond your control is unsafe. Beyond your control means all data coming from any external source, such as a POST request (no guarantee that the user is using your form or javascript validation to post data, they can forge their own request).
"Appropriate way" depends on the data type and where it's supposed to be used.
Thus, for use with a database, use whatever DBMS specific escaping mechanism is at your disposal, such as mysqli::real_escape_string for strings, cast ints to ints and floats to floats. Or use prepared statements instead. Adding slashes to some characters may or may not make input safe.
For when you intend to pass external data on as shell command arguments, escape each such argument with escapeshellarg().
For when you take a query string variable (ends up in $GET) to change some setting for the user viewing your page and want to retain such information by correspondingly updating links on your site you should deal with this by urlencoding all query string variable values you wish to retain, and if you for some reason have to forover GET and don't know the name or form of every possible key (which I find hard to believe), then you should urlencode these as well.
