with "no nat-control", IP addresses on a higher security level interface do not need any sort of nat translation to go to a lower security level interface. This has nothing to do with ACL's (unless you're talking about policy NAT).
IP's on a lower security level interface never need a NAT translation entry to go to a higher security level interface.
If "nat-conrol" is enabled, IP's on a higher security level interface need some sort of NAT statement when going to a lower security level interface.
Things get even fuzzier with regards to same security level interfaces.