how to password protect BURG?

First, you need to set users and passwords in grub.cfg, for example:

set superusers=admin
# md5 password
password --md5 admin '$1$A1tpOB3$bTHEMeIVvBbQsLZIWmJp/.'
# plain text password
password user1 user1

The md5 password is generated using command grub-mkpasswd, for example, to get the encrypted string for admin, use:
grub-mkpasswd admin

You can also generate it with openssl, for example:
openssl passwd -1 -salt 1234567 admin

Then, add --users option to the menuentries you want to protect, like this:

menuentry "Boot Windows" --users user1 {
  ...
}

Only user1 and superusers (admin in this example) can boot this item.

Some system defined hot-keys, such as 'c', can only be used by superusers.

BTW, grub2 upstream has recently add support for pbkdf2 password. This will be merged into BURG soon.

I've added user land tool to configure password protection. Although the tools needs to be run in console mode, but it's much easier than hacking the configure file manually:

http://code.google.com/p/burg/wiki/Authentication

How do I set a password only to the recovery mode?

Oh, interesting point. Currently GRUB_USERS doesn't distinguish between normal and rescue mode items, but it's quite easy to implement. I'd add it in the next version.

With 2010.04.25, you can password protect recovery items only, see the following wiki page for more information:

http://code.google.com/p/burg/wiki/Authentication

This feature has been implemented.

Muchas gracias, voy a probarlo