You might want to read this post about passwords protected posts. In short: Do not use them.
QUESTION: Will this strategy keep the info private, or am I missing something?
No, it won’t. It will even leak info to search engines and index those.
What you can do is to just require the actual user login in your template:
// @link https://developer.wordpress.org/reference/functions/is_user_logged_in/
if ( ! is_user_logged_in() ) {
// @link https://developer.wordpress.org/reference/functions/wp_login_form/
wp_login_form();
// "outer template"
wp_footer(); # etc.
return;
}
// Other template code