You clearly keep skipping over what I stated about it.
From an objective standpoint with no external considertion's it IS safe. There is no vulnerability within it (unless you're counting password hashing *2) as all inputs are sanitized.
However I did state and I'll quote it once more,
Also, you can write a bullet proof login / register system from scratch with no wrappers etc in 10 minutes. It's literally 2 PDO prepared statements & bcrypt.
*2 not even an issue unless you leave other vulns cause hows the DB going to get leaked.
Also let's be real the kid is doing it for school, do you think a teacher is going to care?