I am getting preliminary reports that this plugin is being used by some bad neighborhood sites as a potential attack vector. I have not confirmed what exactly is going on but as soon as I hear more I will post back.
Please make sure your wp-plugin-repo-stats folder is at 755 permission and you have upgraded to the latest version of the plugin (0.0.7 as of this writing) . Make sure you have reviewed http://codex.wordpress.org/Hardening_WordPress carefully. You may also want to use a plugin such as http://wordpress.org/extend/plugins/exploit-scanner/ to make sure your system has not been compromised. I used this on my website with 0.0.7 running and did not find any issues.
The code in this plugin is benign. It does not do any database reading or writing, other than to the wp_options table using the Settings API which most plugins do. It does not accept user input other than from the admin page, which only logged-in administrators have access to.
As soon as I find out more information I will update this post.