This recommendation applies to version 2.2.3 of this plugin, but the most recent version is 3.7.1. These findings may no longer be correct.
Allows admin users to edit the .htaccess file which could cause loss of availability in some configurations (i.e. where Apache is used and where .htaccess files are not ignored). This is probably not too much of an issue since admin users can already delete all posts or do other destructive things, but being able to prevent all access to the site might be considered to be exceeding their privileges.