This plugin has saved my bacon a couple of times, and also saved me from a lot of sleepless nights when unscrupulous "security experts" scared the crap out of my client by leading her to believe her site had been hacked (it hadn't - it just had an XSS vulnerability in one of its plugins that I had to fix.)
Long story short, being able to scan your files and make sure nothing has been altered from the open-source-repository versions is totally great. The further hardening that this plugin does against other vulnerabilities is fantastic as well, and the fact that it emails me to remind me when one of my sites needs its plugins updated is icing on the cake.
And it's free! Hallelujah!