I'd say it depends on how many remote clients you plan to have, since you have to manually configure the associated key per client. Unlike a traditional VPN which was just username/password based (from the user perspective, anyway) wireguard is based on keys, which means if you want to get in remotely, you need to have a key which has been configured. If you only have a few clients, this is easy enough to get going. If you have lots of clients, or want to be able to easily add new clients, I can see it becoming cumbersome.

As far as setting it up securely, I don't think you're any worse off doing it yourself compared to using tailscale. You can define what networks each client may access. Personally I run wireguard on top of OpnSense, so I also have firewall rules in place to limit what any client can do from my remote-access network towards other parts of my network.