Sitefinity uses ASP.Net Membership Services for authentication and user management. We supply built in data providers for Membership, Role and Profile modules but you are not limited to use them. In version 3.1 we will provide extended support for Active Directory and Windows Token Provider. Also Sitefinity 3.1 will support multiple Membership providers within a single application. This will allow you to completely separate public and administrative users. For example, you will be able to set Active Directory provider for administrative users and SQL provider for public users.
Currently, there is a known issue with our SQL Membership provider. It does not respect the number of unsuccessful attempts set for login. This problem is already fixed and will be available with the next release in about a month. As workaround you could use SqlMembershipProvider provided with .Net framework 2.0 if you are using SQL Server but you won’t be able to take advantage of automatic database upgrades in the feature.
For your second question, unfortunately it is not possible to change the name of the Sitefinity folder. We may provide this ability in some of the next versions though this will not really solve the problem as the new name can be easily discovered. A better approach would be to restrict the access to this folder to a certain IP address or allow access through VPN only.
the Telerik team