We have released an update to the plugin (version 1.04) which validates the information submitted in the settings form and does not save invalid information. However, it does not appear this was ever a security threat since posting information to that page fails if the settings page is not loaded inside the Wordpress Administration area, which requires an admin login to get into. At any rate, thank you for bringing this potential issue to our attention; allowing us to make the functionality better in the process.
