I noted this bug here: http://wordpress.org/support/topic/352180
When a subscriber logs in to comment and clicks the dashboard he can see the comments on password protected pages without knowing or entering the password for those pages.
I think that the fact that subscribers can see comments they shouldn't is a security problem that should be fixed in the main program. Protected should mean protected. No one but an admin user should have access to password protected pages/posts/comments without the password.