Assuming I do the same field validation in either case, is there any difference in terms of security whether you POST a form back to its own file or to another?

Note that I'm not referring to sensitive information or passwords within the form data, but to whether either method is better at avoiding various types of attacks.

+1  A: 

If they're both files on your server, under your control, then it doesn't make a difference.

nickf
+5  A: 

It does not make a difference. The page accepting the form input has no idea where the data came from (the HTTP referrer is trivial to spoof) and any security effort would depend on things completely unrelated to the page the form data came from.

John Booty
+1  A: 

No, it does not matter at all. All you are doing is sending an HTTP request to a URL. Your server handles the request and sends the response back to the user. If the response happens to be the same page as the one sending the request, it does not make the application any more secure or vulnerable to any kind of attack over HTTP.

Deep Kapadia
+5  A: 

It does make a difference, actually, mainly because if you post back to itself, it doesn't make a new history entry, but if you post to a different page it does make a new history entry in the browser. This is mainly of interest to public terminals, and in browsers that remember the contents of forms.

  1. fill out a form
  2. submit
  3. leave computer
  4. nefarious individual hits the back button and reads the contents of the form.

I also think to fully prevent that sort of attack, you'd need to involve a 301 redirect. That is, you post to the URL, and the URL responds with a 301 sending you back to the original page.
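The post-then-redirect flow described in the last answer, as an added example that is not part of the original thread: a standard-library WSGI handler that validates the POST the same way wherever the form was served from, never echoes the submitted value, and redirects back to the form page. The paths `/form` and `/submit`, the `note` field, the 200-character limit, the `Cache-Control: no-store` header and the use of 303 See Other (the status HTTP defines for redirecting to a GET after a POST; the answer mentions 301) are assumptions of this example.

```python
from io import BytesIO
from urllib.parse import parse_qs
from wsgiref.util import setup_testing_defaults

NO_STORE = ("Cache-Control", "no-store")  # ask the browser not to keep these responses
FORM = (b'<form method="post" action="/submit" autocomplete="off">'
        b'<input name="note"><button>Send</button></form>')
SAVED = []  # stand-in for real storage (hypothetical)

def app(environ, start_response):
    method, path = environ["REQUEST_METHOD"], environ["PATH_INFO"]
    if method == "POST" and path == "/submit":
        try:
            size = int(environ.get("CONTENT_LENGTH") or 0)
        except ValueError:
            size = 0
        raw = environ["wsgi.input"].read(size).decode("utf-8", "replace")
        note = parse_qs(raw).get("note", [""])[0].strip()
        # Validation is identical no matter which page held the form;
        # the Referer header is not consulted because it is client-controlled.
        if not note or len(note) > 200:
            start_response("400 Bad Request", [("Content-Type", "text/plain"), NO_STORE])
            return [b"invalid note"]
        SAVED.append(note)
        # Redirect instead of rendering: the response never contains the
        # submitted value, and a reload does not re-send the POST.
        start_response("303 See Other", [("Location", "/form"), NO_STORE])
        return [b""]
    if method == "GET" and path == "/form":
        start_response("200 OK", [("Content-Type", "text/html"), NO_STORE])
        return [FORM]
    start_response("404 Not Found", [("Content-Type", "text/plain")])
    return [b"not found"]

def call(method, path, body=b""):
    """Drive the app in-process with a constructed request (no network)."""
    environ = {}
    setup_testing_defaults(environ)
    environ.update({"REQUEST_METHOD": method, "PATH_INFO": path,
                    "CONTENT_LENGTH": str(len(body)), "wsgi.input": BytesIO(body)})
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    seen["body"] = b"".join(app(environ, start_response))
    return seen

if __name__ == "__main__":
    print(call("POST", "/submit", b"note=hello")["status"])
```

The redirect and `no-store` only control what the server sends back; whether a browser restores typed form fields from its own history is up to the browser.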