the current page submit trigger looks at the $_SERVER['HTTP_REFERRER'] variable and the $_SERVER['SERVER_NAME'] variable to make sure that they match.
the $_SERVER['SERVER_NAME'] is set by the server to the servers domain. the $_SERVER['HTTP_REFERRER'] is set to domain of the page that the post came from.
current page submit also looks at the page name of the referer, and makes sure they match.
A common tactic that a hacker will use is to visit your form page, and view source in the browser, then copy the source code.
He will then create a new page with your source code, set the action of the form to post to the form on your domain, upload it to his server to try and hack your form.
In this case, the Button submit trigger will still work, because he is just copying your form, element for element.
If you use the Current page submit trigger it wont work though, since the HTTP REFERRER will not math the SERVER_NAME
Setting the Server Validation behavior to use the Any form submit trigger will run the validation any time a post is made to the page. you want the validation to occur no matter what.
you only want the Insert or Email to send if the form that is being posted is on your server.