I checked the source code and all looks good. There are some HTML comments added by plugin/theme which we can replace using “replace in HTML” option in HMWP. Lots of “wp-admin” words are present as we are logged in as Admin. We should basically check the page source as normal user (without loggin in).
You can enable option “avoid direct access to PHP”, but make sure that everything works fine after enabling it.