1. The level of difficulty is dependent on how secure you wish to make it. If your looking for a simple but effective approach, look into .htaccess files. You can create groups and passwords simple with that technique. You need to be using the Apache HTTP Web Server however. (Do a Google search for .htaccess and .htpasswd files and you should get a decent article on the first page.)
2. You would need to use some server-side scripting language (PHP, ASP, JSP etc...) to process any client side forms if you don't want to directly modify the html code. And a database would be the ideal way of doing it, but not completely necessary. If your not interested in learning PHP or MySQL etc... you should teach him some HTML and CSS. If he is going to be updating the site, he should have a basic understanding of these technologies.
3. Guarantee... no. If you don't want someone to duplicate your work, don't make it viewable to the world. The internet = sharing. If you have any specific questions regarding PHP & MySQL... post away. Oh and best of luck with it.