If a project specifies a Mercurial URL with inline authentication (such as https://username:password@...) then the second time the build runs you will get the following error:
ERROR: Workspace reports paths.default as https://[hidden email]
which looks different than https://username:[hidden email]
so falling back to fresh clone rather than incremental update
Definitively a blocker issue for using this plugin.
Specially when using Hg on hosted server for kind of big projects.
See http://www.selenic.com/mercurial/hgrc.5.html#auth for a simple workaround (but yes, this should be fixed in Jenkins because this approach makes it clustering harder).
Unfortunately if you clone https://username:password@... your .hg/hgrc in the workspace will be just
default = https://[hidden email]
meaning that a subsequent hg pull from the plugin will prompt for a password (and fail since it is run noninteractively). So while it may be annoying to have your workspace checked out anew, this is better than not being able to update at all.
Of course nicest would be to somehow integrate with the Credentials plugin so that you could store your password securely on Jenkins master, transmitting it to the slave just long enough to be passed somehow to pull and other commands, perhaps using a masked --config auth.something.password=… parameter. But this is a matter for a separate, and broader, RFE. In the meantime the best bet is to preconfigure authentication on those nodes which will be running Mercurial commands.