Personally, I don’t recommend changing any of WordPress’ files outside of your theme and plugins unless you REALLY know what you’re doing.
However, if you sign up users in the native "Subscriber" role on WordPress, they won’t have any access to the content of the site outside of their own profile. That way they can’t add, change, or delete any posts or pages. Plus, unless they KNOW you’re using WordPress, and also have a fairly good knowledge of WordPress’ folder structure, they’re not likely to manually type in "yourdomain.com/wp-admin"
If you have a redirect from the login screen to the homepage and nothing is broken,then I think you’re pretty much in the clear.