Define necessary. It’s socks4a - imagined it’s correctly implemented in the application which sometimes is a big assumption(!) - certainly is preferred over socks4. We don’t want DNS related identity correlation. It’s best to have that isolated also.
I don’t know the relative advantages of any of the socks protocols versus another in terms of security.
Application dependent. Applications might have a leak-free socks4a implementation and a broken socks5 implementation or vice versa. Difficult to be sure. That is TorifyHOWTO, hard, and why Whonix was created.