The prototype-1.7.js version included in the plugin replaces code from the patched Prototype included in core Jenkins.
Result: with notifiers and CSRF protection enabled POSTs fail with 403.
One easily visible example: trying to disable an installed plugin results in
Status Code: 403
Exception: No valid crumb was included in the request
displayed where the restart button should appear.