Admin - Add Secret Key to URLs - Yes : Is this option necessary?

This option is necessary to protect against CSRF attacks:

Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf[1]) or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.[2] Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.

There is no speed benefit to disabling this option and it opens your store up to potential attack. I recommend leaving this option enabled.


Sources:

http://en.wikipedia.org/wiki/Cross-site_request_forgery


Actually, there is a big benefit from disabling - if you are working in a team, it's a good idea to disable this feature in the development process and enable it back when it goes to production. If this option is enabled you are unable to pass admin links to other colleagues, tickets, chat, etc.
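
A simplified model of the per-session URL key that both answers discuss, as an added example that is not part of either answer and not the store platform's own code. The `AdminSession` class, the HMAC-SHA256 key derivation and the `/admin/...` routes are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit


class AdminSession:
    """One logged-in admin (hypothetical model); the secret stays on the server."""

    def __init__(self, user):
        self.user = user
        self._secret = secrets.token_bytes(32)  # fresh for every login session

    def _key_for(self, path):
        # The key is bound to this session AND to the route it unlocks.
        return hmac.new(self._secret, path.encode(), hashlib.sha256).hexdigest()

    def admin_url(self, path, **params):
        """Build an admin link carrying the secret key for this session."""
        params["key"] = self._key_for(path)
        return f"{path}?{urlencode(params)}"

    def is_allowed(self, url):
        """Accept the request only if its key matches this session and path."""
        parts = urlsplit(url)
        supplied = parse_qs(parts.query).get("key", [""])[0]
        expected = self._key_for(parts.path)
        # Compare as bytes, in constant time.
        return hmac.compare_digest(supplied.encode(), expected.encode())


def demo():
    # Constructed sample routes and users.
    alice, bob = AdminSession("alice"), AdminSession("bob")
    own_link = alice.admin_url("/admin/catalog_product/delete", id=42)
    return {
        # The link the admin panel generated for Alice works in her session.
        "own_link": alice.is_allowed(own_link),
        # Cross-site request: the other site cannot know the key, so it is absent.
        "forged_no_key": alice.is_allowed("/admin/catalog_product/delete?id=42"),
        # A key issued for one route does not unlock another.
        "key_reused_on_other_path": alice.is_allowed(
            own_link.replace("catalog_product/delete", "customer/delete")),
        # Alice pastes her link into a ticket; Bob's session rejects it.
        "pasted_to_colleague": bob.is_allowed(own_link),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The last case is the inconvenience the second answer describes: the same property that blocks a cross-site request also makes a copied admin link useless in anyone else's session.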

Tags:

Admin