Craig,
Did you ever get your question answered. I am about to post a similar one, though I am hesitating on account that your post did not receive an answer, and it has been posted for over a year!
There are many ways to approach security:
1. You can store users into he Autodesk MapGuide Enterprise Administrator "http://localhost/mapguide2011/mapadmin/login.php" and secure the maps using MapGuide Studio.Then use the MAPS widget in Flexible Web Layout to point to the maps.
2. The on way I like requires some code changes to mapguide itself. I like to send a parameter "mgmapresourceid" but you need to change FUSION (FWL) using the changes here. http://trac.osgeo.org/fusion/ticket/65
The change asks you to change the ApplicationDefinition.js file..But you will have to change the fusionSF-compressed.js instead because that is the default one that the Flexible Web Layouts use.
Once you have done that you can pass the map name to the url.
Then you change the security of your page to check the user and pass the map name you store in a database or something to secure the maps they can see.
regards
gordon