Neither of those details protect a WordPress site. For most sites it is easy to get a list of all users that have posted content, and the wp-admin section is not much harder to figure out.
I can’t think of any reason to not change those things, but they add no benefit. One caveat may be that it is harder for users to remember the custom admin path, if changed.
Keeping software updated and credentials secure, these are the methods to protect a site. We don’t have “admin” accounts anymore, and if they get your passwords, it doesn’t matter what the
wp-admin path is.