First of all: The plugin does its job. But for me, it does it too well. I always get informed about any change, so everytime there is any kind of update, I get a notice - which is about daily, often hundreds of single changed files. So even if I got hacked, I probably wouldn't notice, since the alarm bell is ringing all the time anyway. And I cannot turn it off, since the plugin won't accept exceptions (I tried with complete paths too, but to no avail).
Also, there are other plugins who chose a more intelligent approach.
- Wordfence compares all of my files to their own mirrored files (they have a copy of anything ever uploaded on wordpress.org), and only if anything is out of order, they give me a notice.
- All in One WP Security also scans for file changes, but at least the exceptions do work there. With that plugin, I also have many more options.
So, after a brief experiment, I will not use this plugin any more.