Should Plugin Folders Include a Blank index.php File?

No, they should not. If a plugin has vulnerabilities just because someone might see its directory structure, it is broken. These bugs should be fixed.
Security through obscurity is a bug in itself.

It’s up to the site owner to allow or forbid directory browsing.

A second issue is performance: WordPress scans all PHP files in a plugin’s root directory to find plugin headers. This allows you to have multiple plugins under the same directory, e.g. /wp-content/plugins/wpse-examples/.

It also means that unused PHP files in that directory waste time and memory when WordPress is searching for plugins. One file will not do much harm, but imagine this becoming common practice. You are creating a real problem in an attempt to fix a fictional one.
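
As an added illustration of the header scan described above (not part of the original answer, and not WordPress's own code): a Python sketch that walks a plugins directory the way the answer describes and lists the PHP files that get opened even though they carry no plugin header. The header regex, the 8 KiB read window and the sample tree are assumptions of this sketch.

```python
import re
import tempfile
from pathlib import Path

# Simplified stand-in for WordPress's header match; the 8 KiB read window
# is an assumption of this sketch.
HEADER_RE = re.compile(rb"^[ \t/*#@]*Plugin Name:[ \t]*(.+)$", re.M | re.I)
READ_WINDOW = 8192


def scan_plugin_roots(plugins_dir):
    """Return (plugins, wasted): files with a header, files read for nothing."""
    plugins, wasted = {}, []
    root = Path(plugins_dir)
    # PHP files directly in plugins/ and in each plugin's root directory;
    # deeper subdirectories are not part of the header scan.
    candidates = sorted(root.glob("*.php")) + sorted(root.glob("*/*.php"))
    for php in candidates:
        with php.open("rb") as fh:
            head = fh.read(READ_WINDOW)
        match = HEADER_RE.search(head)
        rel = php.relative_to(root).as_posix()
        if match:
            plugins[rel] = match.group(1).decode("utf-8", "replace").strip()
        else:
            wasted.append(rel)
    return plugins, wasted


def build_sample_tree(base):
    """Constructed sample: one directory, two plugins, one blank index.php."""
    d = Path(base) / "wpse-examples"
    (d / "includes").mkdir(parents=True)
    (d / "first.php").write_text("<?php\n/*\n * Plugin Name: WPSE First\n */\n")
    (d / "second.php").write_text("<?php\n/*\n * Plugin Name: WPSE Second\n */\n")
    (d / "index.php").write_text("<?php\n// Silence is golden.\n")
    (d / "includes" / "helper.php").write_text("<?php\nfunction h() {}\n")
    return Path(base)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        found, wasted = scan_plugin_roots(build_sample_tree(tmp))
        for path, name in found.items():
            print(f"plugin     {path}: {name}")
        for path in wasted:
            print(f"no header, still opened: {path}")
```

Pointing `scan_plugin_roots` at a real `wp-content/plugins` directory gives a site owner a quick list of root-level PHP files that contribute nothing to plugin discovery.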
