The plugin relies on a remote host, which makes it fundamentally insecure. No matter how well the code is written, all it takes is a man in the middle attack and the entire stack is compromised.
It would be better if the generated code was done on the server, and provided on the server like the boilerplate generators. Having a plugin to do it is opening up a security hole.
The first (and biggest problem) with this plugin is, that it doesn't generate the code with the plugin code. The plugin is just a proxy that calls a remote server that produces some code and then downloads it into the WP installation. So the owner of the remote server has your installation in his hands. He could send you any sort of code he wants, opening backdoors, hijacking your complete installation.
The other problem is that the code of the plugin is crap. It takes any incoming POST response and just uses it without validation or sanitization. But this is just another security concern.
Long story short: Don't use this plugin. Simply don't.
You must log in to submit a review. You can also log in or register using the form near the top of this page.