Why give it a 1 star rating if you don't actually know there is real problem?
PHP eval function. Sometimes it is possible that malicious code will contain the eval function, which is executable, especially on the same line as a base 64 encoding.
Although this has been used as a method for malicious code to be executed in some situations, it is very unlikely to be the case on a well documented, popular, regularly updated and highly rated plugin like this one.
If a vulnerability is found, then you should contact the plugin author via the support options and ask the question, rather than just giving it a 1 star rating without knowing anything about it.
If there is a genuine problem, then I am sure the author would do absolutely everything in his/her power to address that in the interest of the community, and their own reputation.