If I enable the option giving in Advanced Settings is gives me BAD Request or error code 400

If I enable this option, what is the required value of AppSecret_Proof parameter?

If you visit github and have a look at their PHP SDK's code, you'll find how they generate appsecret_proof's value.

This part was recently added so you have to refer to the latest version of PHP SDK. To activate/inactivate, as you already know, you have to visit App Dashboard > Setting > Advanced.

EDIT: 2013-08-09
Now they have official document.

From the documentation article Securing Graph API Requests:

The app secret proof is a sha256 hash of your access token, using the app secret as the key. Here's what the call looks like in PHP:

$appsecret_proof = hash_hmac('sha256', $access_token, $app_secret);