Hello @tonybaloney44,
the plugin’s code doesn’t have any eval( in any file. You can check that by yourself. Download the plugin from projectdmc.org and make an all-file search for the “eval” string.
Currently we are not aware of any security breach in the plugin’s code that would allow someone to hack your website.
The plugin has the explicit purpose to add CSS/JS/HTML codes to your website. But, if someone gained admin access to your website or hacked it, then the eval( JS code could’ve been added in any number of ways, for example by editing the files through the “WP Admin -> Appearance -> Theme Editor” page.
I’d advise you to go through the server’s log files and search for the steps that could lead to someone hacking your website. If there is indeed a security issue in the plugin’s code itself, then don’t hesitate to let us know.