Such amount of users is a tiny one, but still may produce something undesirable.
As I mentioned earlier, you can delete addon_whosonline_data.php completely, and it should be automatically re-created again.
they won't know what the data file is
They - who? :-) It couldn't be related to hacking at all, it could be a server's mistake on disk, for example. Trust me or not, that happens sometimes ;-)
Renaming process in this add-on: look in the function writeFile(). First it creates a temporary file with the newest data array of users, then renames it by addon_whosonline_data.php (in that process, older version of 'addon_whosonline_data.php' is deleted automatically).