I've been reading about protection from SQL injection attacks which I want to do but I can't tell if I'm supposed to use prepare on a SQL insert or not.
Reading Andrew Nacin's post about the change to prepare it looks like it's only on reads from the database. But the example in the Codex shows an Insert. The example also uses a Post ID which I wouldn't have with pushing new data into a database.
So I think the answer is no but I'd really like to know for sure.