Does Accessible Authentication apply to non-web documents?
Do authentication requirements apply to documents, ie section 10?
Preliminary answer: Yes. Because documents, such as PDF files, can be protected with passwords.
Diving a little deeper into the question, ignoring for now the fact that protected PDF documents sometimes cannot be opened at all using screen reader software: Will it be possible to use password protection at all and still pass this clause? In theory yes - the document can pass the SC if users are able to paste a password from a password manager into the pdf viewer. BUT how can somebody who publishes a protected document know if all PDF viewing software will allow pasting of passwords? On the web, you usually can control the implementation of password protection, but do you have that kind of control for non-web documents? I don't know.
Meta-question: Should a discussion like this be a separate issue, or should it be just a comment to the original Issue presenting the new WCAG SC? Perhaps both alternatives are OK?