Tags: php, security, tampering

How "tamper proof" is the $_SERVER variable in PHP?


Would I be taking a big security risk by trusting the content of the $_SERVER variable array to get the name of the PHP file using $_SERVER['PHP_SELF']?


Solution

  • Many but not all of the $_SERVER variables are attacker controlled. For instance $_SERVER['SCRIPT_NAME'] is safe, whereas $_SERVER['PHP_SELF'] is a very dangerous variable and is often the source of XSS:

    <?php
    // Deliberately vulnerable: PHP_SELF includes any PATH_INFO the client
    // appended to the URL, and it is echoed without HTML encoding.
    echo $_SERVER['PHP_SELF'];
    ?>
    

    PoC:

    http://localhost/self.php/<script>alert(/xss/)</script>
    

    It is easy to see this vulnerability in action by looking at phpinfo.
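The following is an added example, not code from the question or the answer above. It constructs the $_SERVER['PHP_SELF'] value that the PoC URL would produce (the assumed path "/self.php/<script>alert(/xss/)</script>") and renders a form action three ways: the raw echo the answer warns about, the same value passed through htmlspecialchars(), and $_SERVER['SCRIPT_NAME'] with encoding. The helper names (form_vulnerable, form_encoded, form_script_name, contains_script_tag) are invented for the demonstration.

```php
<?php
// Added example (not part of the original page): how PHP_SELF carries
// attacker-controlled path info into a page, and how to render it safely.
declare(strict_types=1);

// Constructed request state: the client requested /self.php/<script>..., so
// PHP_SELF carries the extra path while SCRIPT_NAME stops at the script.
// These are assumed values set here so the script runs offline from the CLI.
$_SERVER['PHP_SELF']    = '/self.php/<script>alert(/xss/)</script>';
$_SERVER['SCRIPT_NAME'] = '/self.php';

// Vulnerable: PHP_SELF is dropped into an attribute unencoded, so the
// injected <script> element lands in the page intact.
function form_vulnerable(): string
{
    return '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">';
}

// Hardened, option 1: keep PHP_SELF but HTML-encode it on output. ENT_QUOTES
// also encodes the double quote, so the attribute cannot be closed early.
function form_encoded(): string
{
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form action="' . $self . '" method="post">';
}

// Hardened, option 2: use SCRIPT_NAME, which excludes PATH_INFO, and still
// encode it. Every $_SERVER entry is treated as output data, not as trusted.
function form_script_name(): string
{
    $self = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form action="' . $self . '" method="post">';
}

// Crude check used only for the demonstration: is a live <script tag present?
function contains_script_tag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

$renderings = [
    'vulnerable'  => form_vulnerable(),
    'encoded'     => form_encoded(),
    'script_name' => form_script_name(),
];

foreach ($renderings as $label => $html) {
    printf(
        "%-12s %s  [script tag present: %s]\n",
        $label,
        $html,
        contains_script_tag($html) ? 'yes' : 'no'
    );
}
```

Run it with `php self_demo.php`; only the "vulnerable" line keeps a live `<script` tag. Note that the encoded PHP_SELF still points the form at the attacker-supplied path, so a form that posts back to itself is better served by SCRIPT_NAME or a fixed, server-side known path than by encoding PHP_SELF alone.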