Yes, you can run it without nginx, you could even change the port of it to run on port 80(if you don’t have a webserver), I don’t know if there is any security risks running it directly like that though.
One of the benefits of it, is that you can run both a webserver and mattermost in the same machine, because the proxy route it behind the scenes thus allowing you to have both on port 80/443, which is the default web port.
So you don’t have to for example remember in what port is mattermost installed you would only have to remember the address, for example chat.yourcompany.com or something similar instead of chat.yourcompany.com:10234
You can further add more protection on top of it and there are probably other factors I am not recalling right now.