I uninstalled it, and it stripped the "?php" code from the beginning of my wp-config file. This caused my site to simply publish the entire wp-config file, including my username and password, to the web.
I figured out what had happened and fixed it, but I have to strongly urge anyone not to use this plugin. I imagine the booby-trap is accidental, but that doesn't matter. This is an unsafe plugin.