Wordpress - wpdb->insert: do I need to prepare against SQL injection?

No, you shouldn't prepare or escape the data, this is done for you by the wpdb class.

From the wpdb class reference:

data:

(array) Data to insert (in column => value pairs). Both $data columns and $data values should be "raw" (neither should be SQL escaped).

If, however, you were writing your own SQL rather than using the insert method, then yes, you should escape using prepare.