So there are two issues here but I first want to address the somewhat large nonce array issue.
First, that is an unusually large amount of data for my nonce array. The GOTMLS_nonce_array values should contain a few 32 digit nonce keys from the last few GOTMLS admin pages that the were loaded. It should be automatically purging any keys that are onlyer than 1 hour, so you should not usually have much data in that value (maybe a 100 bytes on average, not over 200 kilobyte). Either you had generated a whole lot of traffic on the GOTMLS admin pages or you were running an older version of the plugin that had a bug causing it not to purge the old data in the array.
The second value, the GOTMLS_definitions_blob, is sometimes over 100K because it contains definitions of current known threats, firewall definition, and sometimes core file hash keys. The firewall definitions need to be on autoload because they are checked on every page load to block abusive hits to your site. Also, this is not a lot of data to request, and it would actually be far less efficient to make a special request separate from the grouped autoload feature just to get these values that we know we will need anyway.
In response to the clean-up on deactivate request, I know that this would cause most people more grief that it would solve any problems. In my experience most people who are dealing with an infected site are constantly installing and reinstalling the plugin as they attempt to recover or restore the site and it would be incredibly inconvenient and unhelpful to wipe out all the setting, definitions, and logs every time they deactivate the plugin. The best middle-ground solution I could think of for this would be to add a new feature that you could optionally run to purge all the GOTMLS data before you deactivate if you were sure that you really wanted to permanently uninstall the plugin.
Let me know what you think of my responses and please feel free to post more suggestions if you have anything to add or clarify.
