Does $_SERVER['REMOTE_ADDR'] need strip_tags()

         

jake66

5:40 am on Feb 24, 2008 (gmt 0)




I am capturing $_SERVER['REMOTE_ADDR'] & $_SERVER['REMOTE_HOST'] into a form.

Do I need to do the following, to prevent script kiddies from meddling with my stuff?


strip_tags($_SERVER['REMOTE_ADDR'])
strip_tags($_SERVER['REMOTE_HOST'])

PHP_Chimp

11:26 am on Feb 24, 2008 (gmt 0)




As with everything that can be altered by a person it is a good idea to check the input and try to secure it. It is a lot easier to view all information coming in to your server with suspicion.

The exact extent of this checking and securing you need to decide on.

If you have read the information on the web about how to check if a Googlebot is really from Google then you will know that you could go forward and reverse IP'ing every request that you get to see if the domain that they say they are coming from is actually registered to that name. Would this actually increase the security of your site? Of course it would. How much would it increase security? Not a lot. How much additional time would there be for each request to be pinged around with checks? A bit. Is this bit of additional time worth the added annoyance to your visitors, are they more likely to go to another location? So is that added security worth it? That is a question for you to answer.

So it depends on what you are doing with this information. If it is going into a database then you may need to use mysql_real_escape_string on it along with everything else that goes in (assuming a mysql database of course ;)). If you will be echoing that information back onto a page then stop people putting links to inappropriate sites in (so strip_tags is a good idea).
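
An added example, not code posted by anyone in this thread: one way to treat the two values for both uses discussed above, storing them and echoing them back. It validates each value, uses PDO bound parameters in place of mysql_real_escape_string (the mysql_* functions were removed in PHP 7), and escapes at output with htmlspecialchars. The function names, the `visits` table, the in-memory SQLite database and the sample values are assumptions made for the demonstration; FILTER_VALIDATE_DOMAIN requires PHP 7 or later.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread; function and table names are hypothetical.

// REMOTE_ADDR is filled in by the web server, but it is still checked before use.
function clean_remote_addr(?string $raw): ?string
{
    $ip = filter_var((string) $raw, FILTER_VALIDATE_IP);
    return $ip === false ? null : $ip;
}

// REMOTE_HOST is the result of a reverse DNS lookup, so whoever controls the
// PTR record for the address chooses the text. Accept only a plain hostname.
function clean_remote_host(?string $raw): ?string
{
    $host = filter_var((string) $raw, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME);
    return ($host === false || $host === '') ? null : strtolower($host);
}

// Escape at the point of output, regardless of earlier validation.
function h(?string $value): string
{
    return htmlspecialchars($value ?? 'unknown', ENT_QUOTES, 'UTF-8');
}

// Bound parameters keep the values out of the SQL text entirely.
function store_visit(PDO $db, ?string $ip, ?string $host): void
{
    $stmt = $db->prepare('INSERT INTO visits (ip, host) VALUES (:ip, :host)');
    $stmt->execute([':ip' => $ip, ':host' => $host]);
}

// Constructed sample values standing in for $_SERVER (not real traffic).
$samples = [
    ['REMOTE_ADDR' => '203.0.113.7', 'REMOTE_HOST' => 'crawl-7.example.net'],
    ['REMOTE_ADDR' => '203.0.113.9', 'REMOTE_HOST' => '<a href="http://example.invalid/">x</a>'],
];

$db = new PDO('sqlite::memory:'); // assumption: pdo_sqlite, only to keep the demo offline
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE visits (ip TEXT, host TEXT)');

foreach ($samples as $server) {
    $ip   = clean_remote_addr($server['REMOTE_ADDR'] ?? null);
    $host = clean_remote_host($server['REMOTE_HOST'] ?? null);
    store_visit($db, $ip, $host);
    echo 'Visitor: ', h($ip), ' (', h($host), ")\n";
}
```

If the values are written into a hidden form field, they come back as ordinary client-supplied POST data, so read `$_SERVER` again when the form is processed instead of trusting the submitted copy.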