I know that wp_verify_nonce() is used to make sure that the $_POST is coming from a safe place.

I am developing a WordPress plugin which creates custom lists. In order to do that the web site owner has to access to the plugin settings login in your wp-admin server.

Is necessary to use wp_create_nonce() & wp_verify_nonce() if the form can only been accessed after wp-admin login?