I've always ignored it in the past as too "faffy" but with the introduction of CSRF tokens in CI 2 it's suddenly looking attractive. It it worth taking the hit and converting my existing 37 forms to use it?
Also, is it possible to get the CSRF benefits just using form_open does anybody know?
[UPDATED] It turns out you can turn on CSFR in config.php then simply replace your hand-rolled form tag and closing tags, and magic happens! No need to convert all your validation, repopulation etc.