right, /wp-login.php works, sorry.
if a user isn't logged in, he automatically gets redireted to the wp-login page, if he tries to visit /wp-admin/*. so why should this be protected?
i use the live search popup plugin. if a user is not logged in he cannot live-search my blog entries, because the plugin tries to access /wp-content/plugins/.../....php. so it'd be nice, if one could not only specify pages and posts that are accessable, but also any possible file/folder. :)
i've already implemented the redirect function to the sidebar login form. but when your plugin redirects a user to the specified "access denied" page, it's not possible for me to find out what page he wanted to see...
do me a favour and make "eyes only" work for user-level restricted pages even without changing them to private status. because there are already a few plugins that do this job... ;)