I am a new user of ShopSite, and came across this same problem. Jim's answer was very discouraging. I then found a solution that works for us:
1) Create a new .htpasswd file with the same username you use to log into your backend, but with a different password. Use a utility like http://www.htaccesstools.com/htpasswd-generator and place the file anywhere on your server (let's call this location X).
2) Add the following text to the end of the .htaccess file found in cgi-bin/ss:
<FilesMatch "^(orderhandler|database_ssl)\.cgi$">
AuthName "View Orders"
AuthType Basic
AuthUserFile [location X]/.htpasswd
require valid-user
</FilesMatch>
Using this method, the original backend password will be used for all sections not explicitly defined (in this case, everything but the orders and download sections). The added section says that orderhandler.cgi and database.cgi are handled by the new password in location X. You can duplicate this section if you wish, so if you want a third password for the products section, you could create a new .htpasswd file in location Y and add the following to your .htaccess file:
<FilesMatch "^products\.cgi$">
AuthName "Products"
AuthType Basic
AuthUserFile [location Y]/.htpasswd
require valid-user
</FilesMatch>
Also, be sure to give anyone who has access to only a portion of the site a direct link to that section, such as http://domain.com/cgi-bin/ss/orderhandler.cgi, since their limited rights may not give them access to the backend start page.
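A small checker for the setup described in the post, added here as an example and not part of the original post or of ShopSite: it parses the FilesMatch blocks and reports which password file governs each script name, so a name that no pattern matches (and therefore stays on the original backend password) is visible before links are handed out. The paths are constructed placeholders for location X and Y, and Python's `re` is assumed to behave like Apache's regex engine for these simple patterns.

```python
import re

# Constructed sample: the two blocks from the post, with placeholder paths
# standing in for [location X] and [location Y]. Replace with the real
# contents of cgi-bin/ss/.htaccess when checking a live configuration.
SAMPLE_HTACCESS = r'''
<FilesMatch "^(orderhandler|database_ssl)\.cgi$">
AuthName "View Orders"
AuthType Basic
AuthUserFile /placeholder/location-x/.htpasswd
require valid-user
</FilesMatch>
<FilesMatch "^products\.cgi$">
AuthName "Products"
AuthType Basic
AuthUserFile /placeholder/location-y/.htpasswd
require valid-user
</FilesMatch>
'''

BLOCK_RE = re.compile(r'<FilesMatch\s+"([^"]+)"\s*>(.*?)</FilesMatch>', re.S | re.I)
DIRECTIVE_RE = re.compile(r'^\s*(AuthName|AuthUserFile)\s+"?([^"\n]+)"?\s*$', re.M | re.I)

def parse_blocks(text):
    """Return one dict per FilesMatch block: compiled regex, realm, user file."""
    blocks = []
    for pattern, body in BLOCK_RE.findall(text):
        d = {k.lower(): v.strip() for k, v in DIRECTIVE_RE.findall(body)}
        blocks.append({"regex": re.compile(pattern),
                       "realm": d.get("authname"), "userfile": d.get("authuserfile")})
    return blocks

def coverage(text, filenames):
    """Map each file name to (realm, user file), or None if no block matches."""
    blocks = parse_blocks(text)
    result = {}
    for name in filenames:
        hits = [b for b in blocks if b["regex"].search(name)]
        # Apache applies FilesMatch sections in file order, so when several
        # match, the last one's auth settings take effect.
        result[name] = (hits[-1]["realm"], hits[-1]["userfile"]) if hits else None
    return result

if __name__ == "__main__":
    names = ["orderhandler.cgi", "database_ssl.cgi", "database.cgi", "products.cgi"]
    for name, rule in coverage(SAMPLE_HTACCESS, names).items():
        print(f"{name:20} -> {rule or 'no FilesMatch block (original backend password)'}")
```

Run it against the script names you intend to delegate; any name reported as having no FilesMatch block is still governed by the directory's original password.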