By default, Total Donations will generate a random unique number called a wordpress nonce that will be checked when a donation occurs. Good security is a multilayered solution. Adding this is one part in larger puzzle to help make sure that the only scripts that are allowed to execute a donation form come from inside the plugin.