yeah, you'll need to restart apache for sure.
there's no "real" security problem if you're just running a local staging server -- it's not like anyone's going to get access to your scripts. but if your live server has register_globals on, it opens up your scripts to malicious access. (i'll explain that in a second.) if your staging server is not registering globals, you'll be forced to write safer code -- and when you do go live, you'll know that you've implemented at least one security measure.
now the technical stuff. let's say i'm passing a variable from a form:
PHP:
<form action="process.php">
<input type="hidden" name="foo" value="something" />
</form>
with register_globals off, i'd need to extract $foo in my process.php script before i could work with it. what i'll do is define $foo as a variable that can only come from an http post method.
but if register_globals was on, $foo would automatically be recognized and i wouldn't have to define it as such. which is more convenient, but consider if some miscreant entered the following URL into their browser:
Code:
[url]www.domain.com/process.php?foo=somethingelse[/url]
because i'm not ensuring that $foo is coming from a post, it's possible to spoof the variable and send it through a get method.
real life consequences: if you're not handling money or senitive data, probably nothing serious. still, it's better to make sure you know where your variables are coming from, just to make sure your scripts work the way you intend them to. you never know, someone might mis-type a URL or a search engine could feed your script an outdated URL with a paramater that is no longer accounted for.