It appears that if you create a password protected site using .mac, capitalization of the username portion of the URL is important. When a user accesses a password protected .mac website they are presented with a web page that requests only the password. The username is parsed from the URL and is used for authentication. If the username portion of the URL is incorrectly capitalized, authentication will fail.
If someone accessing a password protected .mac website incorrectly capitalizes the username, the only way to get into the website is to purge the history list (this is the behavior in both IE and Safari) then provide the correctly capitalized URL.
[robg adds: I tested this with a password protected page on my mac.com site, and it's definitely true -- if my name is incorrectly capitalized, authentication fails...]

