I deactivated the plugin and a few days later I got an unsolicited email from firstname.lastname@example.org with the subject "6Scan cannot contact your plugin at http://mydomain.com". I was shocked and upset that they had forcibly taken my email address from my WP Database without my permission.
This Clearly violates the WordPress Plugin Repository Plugin Guidelines:
No unauthorized collection of user data. For example, sending the admin's email address back to your own servers without permission of the user is not allowed; but asking the user for an email address and collecting if they choose to submit it is fine. All actions taken in this respect MUST be of the user's doing, not automatically done by the plugin.
This I am writing this to warn all prospective users about this immoral (if not illegal) abuse of private information and also in the hopes that I get the attention of the developers of this plugin so that they may change their tactics.