It's really just irresponsible to actually distribute a web app that you have no idea is actually secure. You are putting anybody who tries to use your software at risk.
> and learn a lot from them...
You're not going to learn anything from waking up one morning and suddenly finding your server pwned. Except maybe "I shouldn't have done that", which admittedly is a good lesson to learn.
But more importantly, once again, is that you shouldn't publish it, because you are putting others at risk if you do that!