It's just a javascript check. If the user disables javascript they'll never see the error and will go through registration as normally, because you've no PHP check to stop them. I suggest implementing both the javascript and the PHP check just to be safe. The PHP check may cause them to lose registration data, but that should only happen if they disabled javascript and never saw the javascript validation error.