Should Plugin Folders Include a Blank index.php File?

WordPress itself, in the wp-content folder, includes an empty PHP file which looks like this.

<?php
// Silence is golden.
?>

Should plugins include an empty file like this as well to stop folks from viewing the contents of a directory? What about additional folders in themes — like an includes directory?

4

No, they should not. If a plugin has vulnerabilities just because someone might see its directory structure it is broken. These bugs should be fixed.
Security through obscurity is a bug in itself.

It’s up to the site owner to allow or forbid directory browsing.

A second issue is performance: WordPress scans all PHP files in a plugin’s root directory to find plugin headers. This allows you to have multiple plugins under the same directory, e.g. /wp-content/plugins/wpse-examples/.

It also means that unused PHP files in that directory are wasting time and memory when WordPress is searching for plugins. One file will not do much harm, but imagine this becoming a common practice. You are creating a real problem in an attempt to fix a fictional one.
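
The header scan described in the answer above, as an added example that is not part of the original answer and is not WordPress core code. It is a simplified model: the function names, the 8 KB read size and the sample folder are assumptions or constructed for illustration.

```php
<?php
// Simplified model of plugin discovery (assumption, not WordPress core code):
// every *.php file in a plugin's root folder is opened and its first 8 KB
// is searched for a "Plugin Name:" header.

function read_plugin_name(string $file): ?string {
    $head = (string) file_get_contents($file, false, null, 0, 8192);
    if (preg_match('/^[ \t\/*#@]*Plugin Name:(.*)$/mi', $head, $m)) {
        $name = trim($m[1]);
        return $name === '' ? null : $name;
    }
    return null;
}

function scan_plugin_dir(string $dir): array {
    $result = ['files_read' => 0, 'plugins' => [], 'no_header' => []];
    foreach (glob($dir . '/*.php') ?: [] as $file) {
        $result['files_read']++;            // the file is opened either way
        $name = read_plugin_name($file);
        if ($name !== null) {
            $result['plugins'][basename($file)] = $name;
        } else {
            $result['no_header'][] = basename($file); // read, then discarded
        }
    }
    return $result;
}

// Constructed sample: one plugin folder holding a real plugin file and the
// "Silence is golden" placeholder from the question.
$dir = sys_get_temp_dir() . '/wpse-examples-' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . '/example.php', "<?php\n/*\n * Plugin Name: WPSE Example\n */\n");
file_put_contents($dir . '/index.php', "<?php\n// Silence is golden.\n?>\n");

print_r(scan_plugin_dir($dir));

// Clean up the constructed sample.
array_map('unlink', glob($dir . '/*.php'));
rmdir($dir);
```

The placeholder index.php counts toward `files_read` and ends up in `no_header`: it is opened and searched like any other file, then discarded.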
