I just found about this framework so I might be wrong. But I can’t find anything in the docs or Github issues about sourcing from a WP site protected with htaccess!
I guess it could be theoretically achieved using a basic auth header, but that would mean the client would need to expose the user/password and therefore the protection would not make sense.
For data-sensitive apps, the data needs to be behind a log in system or they should be SSR-only, although SSR-only sensitive-data is not safe either, as it can be extracted from websites using scrapping.