update: i've just opened up the source code & taken a scan over it: nothing suspicious that i can see - no 'base64' stuff, no suspicious 'http''s, no visible trojans or exploits. also, authors details are provided if you want to contact him directly.
i haven't scanned the images, etc. someone probably should, (i'm hoping wordpress.org have their own inline-upload anti-viral scanners in place on the these plugin repositories - but that is just a hope and would be nice to have confirmed somehow.)
@socialgrower: could it be that your security warning msg from GA was just coincidence, or perhaps related to some other activity happening at that time?
interested to know.