I might be confused on this. When you say that Securitycheck Pro excludes files stored in cache, why does it still show them on the exclusions page? This was added to even today. If it was told explicitly to exclude, why does it scan and list?
If the option "Store exceptions in database" is enabled them all excluded files will be listed as exceptions. Those files are not analyzed but I write a reference in the log file to tell you that those files exists but are excluded. This is useful, for instance, if you exclude a folder containing .pdf files and someone puts there a malicious.php file. Reviewing the logs or the exceptions you will see that the file is excluded (otherwise you won't notice it).