Is it safe to use the client secret in a public mobile app?

No, it is not safe.
See also this thread: Custom Login Page with social login (not the one from Keycloak) (Ignore the parts with "social login", there's a lot of stuff about why it is important to use the KC login pages)
and this one: The final word on custom login and signup pages

And… it's not the Keycloak REST API - it's the Keycloak ADMIN REST API.
It's meant for administering and management purposes, not for handling user auths.