I have plans to add Http authentication. It should not be so difficult and would indeed be a good addition. I'll try and add it in the near future. An obvious related change will be the protection of the deployment servlet with Http authentication...
Thank you for your answer,
Should I add feature request into jBPM JIRA?
Yes, please do, it never hurts and helps us keep track of things and generate releasenotes