I can’t speak to the reputation of the developer, although I did notice that there are a rather high number of 1-Star reviews (some are even reports of being hacked, though they were either unsubstantiated or replied to as fixed by the developer).
However, I think you are correct that this is a false positive. The code in this file that my plugin is having a problem with is the following hidden DIV that is output around whatever string is passed to this internal function. The div looks like this and uses the same techniques as some hackers use to hide their injected SEO content:
<div style="display:none;font-size:1px;color:#ffffff;line-height:1px;max-height:0px;max-width:0px;opacity:0;overflow:hidden;">
Perhaps you can see how this code might be considered malicious. I am still not 100% sure how the developer intends to use this suspicious code but I have whitelisted this plugin for now.
Please download the latest definition updates and run the scan again to confirm that this file is no longer identified as a Known Threat.
Thanks again for reporting this to me, and please feel free to let me know if you have any further questions or concerns.
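
The kind of heuristic that trips on the div quoted in the reply above, as an added example that is not part of the original post and is not the scanner's own detection code: it counts how many independent concealment tricks one inline `style` attribute combines. The rule tables, the threshold of 3 and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Assumed rule set (not the scanner's real definitions): one test per concealment trick.
EXACT = {"display": {"none"}, "visibility": {"hidden"}, "overflow": {"hidden"},
         "color": {"#fff", "#ffffff", "white"}}
MAX_PX = {"opacity": 0, "font-size": 1, "line-height": 1, "max-height": 0, "max-width": 0}

def is_hiding(prop, value):
    if prop in EXACT:
        return value in EXACT[prop]
    if prop in MAX_PX:
        try:
            return float(value[:-2] if value.endswith("px") else value) <= MAX_PX[prop]
        except ValueError:
            return False
    return False

def hiding_signals(style):
    """Sorted names of the declarations in an inline style that match a hiding rule."""
    hits = set()
    for decl in style.split(";"):
        prop, sep, value = (part.strip().lower() for part in decl.partition(":"))
        if sep and is_hiding(prop, value.replace("!important", "").strip()):
            hits.add(prop)
    return sorted(hits)

class HiddenBlockFinder(HTMLParser):
    def __init__(self, threshold):
        super().__init__()
        self.threshold, self.findings = threshold, []

    def handle_starttag(self, tag, attrs):
        signals = hiding_signals(dict(attrs).get("style") or "")
        if len(signals) >= self.threshold:  # one or two signals are common in normal CSS
            self.findings.append((tag, signals))

def scan(html, threshold=3):
    finder = HiddenBlockFinder(threshold)
    finder.feed(html)
    return finder.findings

# Constructed sample: the div style quoted in the post, plus an ordinary styled element.
SAMPLE = (
    '<div style="display:none;font-size:1px;color:#ffffff;line-height:1px;'
    'max-height:0px;max-width:0px;opacity:0;overflow:hidden;">constructed text</div>'
    '<p style="overflow:hidden;color:#ffffff;background:#003366">constructed banner</p>'
)
```

The quoted div matches eight rules at once while the ordinary element matches two, so only the div is reported. The count says nothing about who wrote the markup or why, which is why a hit like this ends in manual review and a whitelist entry.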