Hi Peter,

To answer your question about whether or not all Base64 eval() code is bad: No, it’s not all bad. There are definitely legitimate uses for it. If the developer of that plugin used that function, it’s probably OK and I wouldn’t be too worried. If you’re still uneasy however, I recommend contacting the developer and asking them to verify that the code is supposed to be there.

(Sorry for the delayed reply; I’m just catching up to comments now!)