I haven't seen anything in the readme that comes with wp about deleting "unneccessary" files after you successfully installed wp.
I figured it might be a good idea to delete the following files that can be run by anyone typing in the url. Please correct me if I am wrong:
wp-admin/upgrade.php (anyone can launch this, even here on wordpress.org/development/...)
I guess you could alternatively secure the wp-admin folder with a .htaccess file.
Or maybe I am wrong and these files do not pose a security risk by being freely accessible?