a) add a new kind of URL: FTPU://host/path
this URL is like FTP: except that it assumes that the user will
supply a user name and password, i.e., not anonymous access
b) change your links in any document that points to anything that
requires protection to instead use FTPU://host/path links.
Of course, relative paths will still work, so you only have to change
the links to the entry points.
Well, yes, FTP is slower than HTTP, but by the time you do all this
authorization and stuff, maybe it isn't that much slower, and you can
cache FTP connections which have logged in, etc. Besides, web servers
already have FTP code in them, the only thing you have to do is keep
track of username/password pairs for specific hosts.
You're not inventing any new security scheme, so you're unlikely to
get into trouble, like gopher did, of compromising the security of a
site by introducing a new, incompatible security mechanism. FTP
already has access control, and separate access control for read and
write, so you don't have to build a new ACL mechanism.