I think, that the fact, that password stays in cookies even after user closes browser window.. ...well sux.
This makes (at least for me) whole password protecting feature useless, because when someone connects to my blog from public computer (where it's sometimes not possible to delete cookies) and views password-protected post, than EVERYONE after him/her can see the (not anymore) password-protected post.
Even if it was everytime possible, the necessity to delete cookies after every visit to blog... ..well sux.
Don't take me wrong, I think that wordpress is great piece of software. It just seems to me, that this password protecting thing is not enough well-thoughtout.