Is it safe for me to create new Deadline users by inserting documents directly into the UserInfo collection (with blank passwords), or are there other bookkeeping operations that are performed when a normal user account is created?

Relatively safe, I suppose. I wouldn’t call it ‘safe’ solely on the basis that I wouldn’t recommend directly modifying the DB in the first place, but the User objects are pretty ‘dumb’ or ‘standalone’ in that we don’t really do any extra bookkeeping on them, as you say.