When Password Protected is enabled, the Theme Customizer fails to let you preview your changes unless you have also already authenticated against your new password.
While this isn't necessarily a huge deal, it actually raises the question of if the plugin should even require Site Administrators (and Network Administrators) to enter the site password in order to view it.
My suggestion would be to allow Site Admins and Network Admins to be able to view the site regardless, but display a reminder that the site is locked to most people. For example, this is a screenshot of what a network/site admin sees when viewing one of our sites when a Site Offline message plugin we wrote is in use: http://i.imgur.com/eyOjM.png
I do know that you wanted to keep your plugin relatively lightweight, so I could easily see why you wouldn't want this whole message/reminder stuff, but I do think the behavior of requiring Site Admins and Network Admins to log in is kind of awkward (especially when they can't find the password in the dashboard or even database), and the breaking of Theme Customizations is just a side effect of that.
Note that while the Theme Customizer isn't too heavily used right now, I think it will be picking up steam as more developers move away from Settings pages to using the Customizer screen instead.
As always, thanks for your input and continued support :)