Once this plugin is configured, I am no longer able to hit the notifyCommit URLs. Instead I get "This request requires HTTP authentication."

Based on the git plugin documentation, these URLs should not be secured:

this URL doesn't require authentication even for secured Jenkins, because the server doesn't directly use anything that the client is sending. It runs polling to verify that there is a change, before it actually starts a build.

source: https://wiki.jenkins-ci.org/display/JENKINS/Git+Plugin#GitPlugin-Pushnotificationfromrepository

I believe both svn and mercurial also support push notifications. I'm not aware of any other Jenkins URLs that need to be excluded from the security filter, but others may exist.