Yes, using wp-load.php outside of WordPress does present some security risks, especially if sensitive data is being processed or if external users have access to the script.

Although the script isn't passing any values, using WordPress core files externally can still leave your site vulnerable to potential attacks, such as SQL injections or unauthorized access attempts, if proper security measures are not in place. It's important to ensure that these external scripts are protected, particularly when using cron jobs.

To mitigate these risks, one approach is to implement additional layers of authentication. For example, my plugin adds a triple authentication process (email, password, and facial recognition) before granting access to WordPress. This significantly reduces the chances of unauthorized access, even if someone knows the name of the PHP script or tries to exploit vulnerabilities in the system.

Using such multi-layer authentication mechanisms ensures that your WordPress installation remains secure even when external scripts interact with it.