As requested by @fperez
When using a password, read-only mode allows unauthenticated users read-only access to notebooks. Editing, execution, etc. are not allowed in read-only mode (the buttons, shortcuts, etc. are removed, but the requests will raise authentication errors if they manage to send the events anyway), but save/print functions are available.
No kernels are started until an authenticated user opens a notebook.
@minrk, I think you pushed the wrong branch for the pr :)