So then what if, a hacker changes the file on your server. Its not changed in the wordpress repository but it is on yours. Whats in the repo is different than what is on your server. Its not a false positive because the file is different, even if the plugin author was just adding text or blank lines or whatever. If we didn't, then we wouldn't be doing our job.
tim