I see where Jason is coming from, but it is only a matter of time before somebody discovers and reads a non password protected RSS feed (and all the popular tools like FeedDemon, NetNewsWire, Bloglines, etc. support password protected RSS feeds AFAIK). "Security through obscurity" doesn't work.
In response to my post yesterday about that lack of security in BaseCamp's RSS support I got an email from Jason Fried, who said:RSS authentication still isn't mainstream yet so we're not supporting it. Once more makers and people are on full support with it we'll consider using it. If you knew how many people can't even figure out how to subscribe to a feed you'd understand where we're coming from.