The policy document looks great and carefully thought out. We have not finished our package development and released it yet, so we're not certain. One question is in regards to PHP configuration. For example our application requires "register_global" to be turned on in PHP (which has sufficient security structure in place where this is not a problem for us). What approach should we take here?