This stuff is all pretty good and relevant.

The most important thing is to turn off register_globals. register_globals is evil and makes php inherently insecure. Just say no.

If you're distributing a web app to others' servers, put a check in at the top of a globally included file that tests register_globals and refuses to proceed if it's on. That way your app is safe from administrators who erroneously turn register_globals on.

register_globals can be turned on and off on a per-directory basis (if using Apache anyway), so there's no excuse to turn it on across the entire server just because one broken application requires it.

Also, magic_quotes is evil. It is hugely misguided, and although it improves security, it decreases data integrity. I.e. backslashes, quotes, etc generally seem to get mangled and thrown around everywhere.