Basically, any line of code that says ‘base 64’ will get flagged as malicious by this plugin. In one sense, that’s pretty great as base 64 is often used to mask malicious code and this plugin will likely find it. On the other hand, nearly all of the time, it’s normal, benign code that’s needed by a legitimate plugin or theme. I would hope that it could do a better job of filtering which code is actually malicious and maybe flagging the rest as “possibly malicious.” At least this plugin will give you a good idea of where to look.
Five stars for flagging a lot of stuff. Subtracting two stars for unnecessarily making me [trash talk redacted]