[eluser]Alucemet[/eluser]
You really do not want to enable global xss filtering. There are many times when your input variables will better validated was integer or something that is less expensive than xss_clean();
If you have a low traffic site then it's probably not that bad, and in that case go for it.