Forms (show and process) on the same controller or on different ones?

One Controller - Different Methods. Name the methods really clearly so you understand what is going on. Like showNewRegisterForm() shows a form that has not been filled in yet. validateSubmittedRegisterForm() - validates the form. If it fails validation then don't bury a bunch of IF ELSE code - send it to a new method called something like showValidationFailedForRegisterForm()
If it passes validation - again don't bury the next step in the same method - make a new method for whatever the next step is. This keeps your methods more compact and much easier to maintain.
Also the initial url for the form call has to be public - but all your other methods in the controller can be private which helps security. One pattern is to have the form address be the default index method of the controller. In that index method do some basic checks to confirm your form has been submitted etc - and then route to the appropriate private method. You can also add a hidden field and value to your form - and check for it first. If that value is not there, then its probably some kind of bot so there is no need to validate the form at all.