Someone could use this to

A) Remotely check the presence of any specific file on your machine.

B) Exfiltrate the contents of any file they know the hash of (or possibly more specifically, the hash of each piece? I don't know the protocol details).

Fine if you have a dedicated "I expect the contents to be public" drive or directory, but not something I'd want to do on my OS drive.