What do the OAuth Scopes do? Why does the plugin need them?
The 'Access and manage your data' scope allows our plugin to make SOQL queries to Salesforce so that we can display your data in Confluence.
The 'Perform requests on your behalf..." scope allows us to request new access tokens when the old ones would expire, so that an administrator only has to go through the oauth dance once in order for the plugin to be configured. Otherwise, Salesforce authentication would be needed every time a token expires which occurs fairly frequently.