> it should be a nominal task to restrict viewers to those with read access to your repo

I don't think it would be quite that trivial. They would have to inject authentication into your HTML, which could cause lots of things to break.