Well a simple solution is to generate unique feed links for each subscriber, make it infeasible to guess links, and monitor if a link is being shared too widely.

Since it's just http there are plenty of authentication options, but no standard. Various readers support some kind of auth though.