[eluser]oppenheimer[/eluser]
I don't see any risk as long as controllers check for authorization.
Also, have you tested all the various conditions like:
<ul><li>Failed login attempt</li>
<li>Successful login attempt</li>
<li>User visits several pages then logins</li>
<li>User goes to login page first and then logins</li>
<li>The lastlogin page is changed by the user to a different page</li>
</ul>