The plug-in results in the following alert when a site using the plugin is scanned using Sucuri.net
WordPress internal path: [exact path description removed]... /wp-content/themes/[theme used]
I've removed the precise path and theme information for my own site, but you get the idea. The plug-in potentially makes a site more vulnerable to attacks by displaying the literal WordPress path and server information.
More about the seriousness of this issue can be found on the Sucuri.net website here:
Please resolve this issue or provide a suggestion to prevent it.