When validating the uploaded plugin version, the plugins directory compares the versions marked as supported in the web UI with the value of $plugin->requires in the plugin's version.php. I just realized this validation is done incorrectly.
It is possible to declare $plugin->requires = X while marking that plugin supports Y where Y < X. This raises just validation warning, even though it has serious consequences.
We use marked supported Moodle versions in the available updates infrastructure and on-click installers. So admins can potentially install/update plugin even when its version.php requires higher Moodle version.
On contrary, the situation Y > X raises "Important" validation issue (and prevents the ZIP from being uploaded) even though that is actually acceptable situation without negative consequences.
Another (yet related) issue that negatively affects the available updates notifications is that currently the "Supported Moodle version" is optional field and folks tend to fill it. It really is essential and required information today to make the whole plugins infrastructure work.