My plugin does not delete anything from the database. Once the malicious PHP code is removed that entry in the wp_options table has no effect. You can (and probably should) delete it just to clean up.
As far as the source of this infection, It is most likely a shared hosting vulnerability.
I have recently created a very secure hosting environment to answer this need. After testing this new server for a few months I have created a site and opened registrations to the public. It’s not going to be as cheap as the bulky shared hosting providers out there like GoDaddy and HostGator but it is way more secure.
You can signup here if interested or contact me directly if you want more info.