The good news is that WordPress will not automatically generate a slug that already exists. The only problem would be if you manually specified the slug name to be the same on two posts.
If you create a post with the title ‘test’ the slug will be ‘test’. If you create a second post with the same title, the slug will be ‘test-2’
As far as how WordPress creates the permalinks – do you mean how does it generate the slug? It basically just takes the post title, replaces spaces with dashes, removes non-standard characters (ones that are not valid in a URL), makes it lower-case, and sticks a number on the end if the same one already exists. Although there is probably a bit more to it, the is the overall idea I believe 🙂
Now one thing you do have to watch out for I think is making sure the post slug is not the same as a page, but WordPress may automatically take care of this as well.
Of course, there may be other concerns with having just /post-title/ as your permalink that I am not thinking of right now – it is late here 😉
Thanks for all the help but I was wanting to look at the coding / technical aspect of permalink structure. I dont see anything being written in .htaccess file, so probably wordpress is using database to redirect url requests. If I know what its doing I might be able to find the answer for my question regarding validity, security and safety of using just /%postname% as custom permalink.