Restrict access to readers who login with a permitted email addresses (no usernames or passwords!). Ideal for private/personal/family blogs.
Not very. If someone can guess an email address, then they can get in. Also, I'm pretty sure the plugin isn't hacker-proof. But it definitely helps keep out the random people you don't want looking in.
Note: the permitted address list in your WordPress database is not encrypted in any way.
This plugin also blocks access to feeds (because WordPress has standard feed URIs that can be easily guessed by people you might not want seeing your blog).
If you want to re-enable feeds on your blog, you'll have to use the Feed Wrangler WordPress plugin to create unique URIs for your feed (Friends Only is set up to allow Feed Wrangler feeds through). Please note that the URI for FeedWrangler feeds must be in the format http://blog.com/?feed=secretname (and not http://blog.com/feed/secretname).
Yes, just separate the addresses by commas.
Actually, you can use anything you want. If you wanted to give Lady Gaga access to your holiday blog, but didn't know her email address, just add the line "ladygaga" to the permitted address list and then give her a handwritten note with the site URL and username written on it next time you see her at a party.
Just note that login credentials are not cases sensitive ("LadyGaga" is the same as "ladygaga"), and you can't use spaces (No "lady gaga", please).
Yes. Open the login page in your web browser, and then look at the source. You'll see all the CSS styles that are used. Create your own custom CSS file based on this, and pop it onto your web server (ideally, along with your theme). Go to Friends Only settings and then specify the URL for the new CSS file. The custom CSS will now be used instead of the stock styling.