I understand why pull payments are better suited for Ether transfers than simply transferring ether from one account to another via a contract (gas limit and reentrancy). Does the same apply if my contract transfers an ERC20 token (I.e. should I be using a similar pullpayment pattern)?
Alternatively, if I am withdrawing to a trusted account (in this case contract owner), do I need to be concerned about reentrancy attacks, even for Ether?