PoE both does and doesn't use extra pairs!
Actually, the way PoE wiring works can be a bit confusing at first, but it's not at all complicated.
In a nutshell, there are two types of devices defined by 802.3af, the PoE spec: the PSE (Power Supplying Equipment) and the PD (Powered Device). PSEs are things like PoE switches or inline "power injectors", while PDs are anything that is powered by the PSE: phones, access points, cameras, sensors, and now that low-power computers are getting here, even computers themselves.
The answer of which wires are used varies, as the spec defines two scenarios:
In the first, power and data use separate wires, with the data pairs being the usual pairs and power being carried on the "extra" pairs. This scenario can be used for 10baseT and/or 100baseT, but not 1000baseT (gigabit).
In the second, power is carried on the data wires themselves. This scenario can be used with any or all of 10baseT, 100baseT, or 1000baseT. Note that gigabit REQUIRES this scenario for PoE, since it uses all eight wires for data signalling.
802.3af allows PSE designers to pick one scenario to support, but REQUIRES the PD to support BOTH, so a PD designed according to the spec will work regardless of what kind of PSE is supplying the power, or which scenario its designers chose to implement.
In either scenario, the PSE may not apply power until it sees the "signature" of a valid PD, and the PSE is required to quickly pull power when it loses its connection with the PD, so there should never be power present on any *inactive* PoE wiring. IMO, this is a really cool, really safe design, and includes some clever features to allow this to all happen with passive electronics (mostly resistors), for low cost and killer reliability. In combination with the low voltage, it provides a very safe system.
For those that care about a summary of the gory details, here you go: There is no interference since the power is DC and the data signal is AC, so adding power simply shifts (offsets) the voltage level of the data signal by -48VDC. At each end there's a center tap transformer to pull off the DC and allow coupling of the AC signal to the Ethernet PHY as usual. Negative 48V was taken from the telecom industry, (it's the voltage that runs every analog telephone), and the voltage is negative instead of positive so it's easy to add a sacrificial anode for cathodic corrosion protection, something you care a lot about if you're going to have buried or wet conductors, as the phone company does. As for power, the original 802.3af spec only supports delivering about 12 Watts Max in the highest power class. Properly designed PDs will identify their power class to the PSE, so it can manage its power supply resources - PDs that can't do this have to be assumed by the PSE to require the maximum power. Newer versions will support higher power but there is very little hardware supporting higher power versions out there right now (late 2008). 12W was selected as the maximum that can be safely delivered with the ordinary types of twisted pair wiring and interconnects that are out there. Higher-power installations may require more attention to wiring (especially interconnects like punch-downs) to ensure safety.
(I know all this because I built the world's first PoE and web-enabled sensors several years ago, and had to figure it all out back when interoperability was still a bit sketchy.)
Oh, and by the way, it's worth noting that PoE is the first globally compatible power standard, and you get high-speed networking in the bargain. That in itself makes it pretty darn interesting. (I'm excluding USB because it's limited to only 2.5W and suffers severe distance limits, unlike PoE, which clearly supports distances long enough to be useful as infrastructure.) And don't overlook another feature: putting the PoE switch on a UPS lets all the end-nodes keep trucking during power failures, too. Personally, I'd like my next smartphone to drop into a PoE cradle for network syncing and charging with no computer required. and I really like the idea of a PoE-powered Netbook/Laptop kind of device, so there's only one cable to plug in when you're at your desk.
