I run a couple of Drupal sites on 1and1 for historical reasons (3 years free). A while ago, I dutifully upgraded them to Drupal 5.7. And was surprised to find that PHP's register_globals was enabled.
All this time, I've been running with a .htaccess file which explicitly disabled that setting -- if 1and1's Apache was running mod_php only, it turns out. Apparently, such PHP settings in .htaccess files don't do anything if running PHP in CGI mode.