There were rumors that payment for query operations is to be added in a future.
In this case, we need to limit read access to (some of) frontend/asset canisters to a certain user, because otherwise, his/her cycles could be drained by repeated reading.
Introducing payment for queries is probably a difficult task. But limiting access to frontends can be done now, in advance.
On access failed, a frontend canister would display a login button, but this isn’t a perfect solution, because cycles could be drained by repeated downloading of the login form. Any better solution?