This plugin is very useful for pointing out areas you probably never thought about before. Certainly, no site can be without security these days, and having a different perspective is a must.
There are some things that are not clear, however. Some documentation would go a long way in these areas. I question a couple of them that are rated as "high risk":
1. Database names. That might slow down an attack in progress a couple of minutes, but in all honesty, if they've gotten that far into the system, it's practically all over already.
2. Secure Hidden Login isn't well explained and there is no reasonable answer as to how users are supposed to login if the page is hidden.
Now, ordinarily, both of these items would only knock off one star, but since the author has not answered my questions about number 2, then lack of support is another star.