The Quarantine is really just a record of the the malicious code that was removed. Those files are now clean and the prior contents are encoded into your database as a custom post_type. Don’t delete the files that those records refer to because they are clean but you can delete the records from the Quarantine if you want to. Personally, I find the Quarantine to be very useful for later reference, in case the site gets hacked again, you can compare the files and dates of the infection and you can also restore any of those files if the need arises. I suppose the only harm that could come from leaving those records in the quarantine is that an admin could accidentally restore the infected files at a later date.
On another subject, I just wanted to say what a pleasant surprise it was to wake up this morning and find you brilliant review and rebuttal in my behalf on wordpress.org, not to mention that very generous donation you made. Thank you!
Happy to donate! I was able to scan & clean 1/2 a dozen WP sites and not be muscled to pay siteloc to clean my sites -- every single WP install I had had been compromised, some in theme headers, one timthumb, and one backdoor. Your plug in was SO easy to use! THANKS!! Keep up the good good work! :) -- Tracey