- Bug
- Resolution: Won't Fix
- Medium
- None
- 2.10
- None
Each plugin has a "Disable plugin" or "Enable plugin" link depending on its status:
These links result in GET requests. So after clicking 'Disable plugin', the URL looks like /wiki/admin/plugins.action?mode=disable&pluginKey=confluence.extra.webdav
Say I later enable the plugin on a different page, and refresh the page with the above URL. The plugin will be silently disabled again.
This is the practical problem resulting from a disregard for the difference between GET and POST.
- is incorporated by
- CONFSERVER-8254 Review GET methods in Confluence to ensure web spiders cannot execute dangerous actions (like removeattachment)
- Gathering Impact
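The refresh scenario from the description, modelled as an added example (this is not Confluence code): `PluginAdmin`, `enforce_safe_methods` and `refresh_after_reenable` are hypothetical names, and only the URL path and plugin key come from the report. With enforcement off the endpoint behaves as reported; with it on, changes need a POST, which is answered with a 303 redirect to the clean listing URL, and a GET carrying `mode=` is refused with 405.

```python
from urllib.parse import urlsplit, parse_qs

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # must never change server state
PATH = "/wiki/admin/plugins.action"
KEY = "confluence.extra.webdav"


class PluginAdmin:
    """Constructed stand-in for the plugin admin endpoint (not Confluence code)."""
    def __init__(self, enforce_safe_methods):
        self.enforce_safe_methods = enforce_safe_methods
        self.enabled = {KEY: True}

    def handle(self, method, url, form=None):
        """Process one request and return the HTTP status code."""
        parts = urlsplit(url)
        if parts.path != PATH:
            return 404
        query = {k: v[0] for k, v in parse_qs(parts.query).items()}
        if method in SAFE_METHODS:
            if "mode" not in query:
                return 200  # plain listing, nothing changes
            if self.enforce_safe_methods:
                return 405  # refuse a state change over a safe method
            return 200 if self._apply(query) else 400  # behaviour in the report
        if method == "POST":
            return 303 if self._apply(form or {}) else 400
        return 405

    def _apply(self, params):
        key, mode = params.get("pluginKey"), params.get("mode")
        if key not in self.enabled or mode not in ("enable", "disable"):
            return False
        self.enabled[key] = mode == "enable"
        return True


def refresh_after_reenable(admin):
    """Disable, re-enable from another page, refresh; return the final state."""
    params = {"mode": "disable", "pluginKey": KEY}
    if admin.enforce_safe_methods:
        admin.handle("POST", PATH, params)
        address_bar = PATH  # where the 303 redirect lands
    else:
        address_bar = f"{PATH}?mode=disable&pluginKey={KEY}"
        admin.handle("GET", address_bar)
    admin.enabled[KEY] = True  # plugin enabled again elsewhere
    admin.handle("GET", address_bar)  # browser refresh
    return admin.enabled[KEY]
```

Moving the action to POST fixes the replay on refresh and the crawler case; it does not by itself stop cross-site request forgery, which needs an anti-CSRF token on the form.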