1) Your Windchill application needs a web server for you to communicate with. Deleting the HTTPServer folder will remove the OOTB installed Apache web server. It makes your Windchill super secure since noone (not even your own users) can access it. Do you have some other web server set up to replace Apache perhaps? If you want to secure your web server further you could look into a reverse proxy like for instance NGINX, configured on a Linux based server coupled with fail2ban or something similar. Set it all up with certificates for secure connection.

2) Altering the database profiles you mention may cause Windchill not to be able to connect to the DB unless you have a schedule to change your DB password and the update it accordingly before the password expires (if for instance you set the Password Life Time to some value). The Password Verify Function looks to define which password complexity rules your Oracle installation shall enforce. I have not changed this myself before, but with sufficient research I think you should be ok. Make sure you map out what to do and how to go about resolving issues if you end up with a locked system.

Remember to set strong System password, and make sure that you change the SYS password if you manage the Oracle installation yourself. If you have a decent DBA at hand they should be able to advise you on how to configure your DB.