Inside myplugin_save_postdata() function I view some verification. I write in it here:
// verify this came from the our screen and with proper authorization,
// because save_post can be triggered at other times
if ( !wp_verify_nonce( $_POST['myplugin_noncename'], plugin_basename( __FILE__ ) ) )
// Check permissions
if ( 'page' == $_POST['post_type'] )
if ( !current_user_can( 'edit_page', $post_id ) )
if ( !current_user_can( 'edit_post', $post_id ) )
I suppose that it is redundant verification and it is not necessary in this function. The data saving will be in secure always. Nonce exists in the form outside metabox which is added in the example. I suppose that user with another capabilities can’t save data anyway.
I think that it is not necessary to use code above for saving in secure. Correct me if i wrong.