Regarding the password, such a thing wouldn't be trivial to implement at all.
If you wanted to just secure Rockbox, for varying definitions of secure, this would be possible. However it would be next to useless doing so because the filesystem would be broadly accessible though the original firmware as saratoga alluded to. Actually writing a full bootloader for this device would be non-trivial. Instead of deploying a full bootloader, where possible Rockbox simply patches the OF (original firmware) so that it jumps to booting the Rockbox binary unless a key press is detected.
To actually be useful, what you want to achieve needs to be significantly more involved. Even if you did manage to deploy a passphrase check to the bootloader, to actually be useful in any capacity for the purpose of security you would also need to deploy full disk or file based encryption to both the OF and Rockbox. Otherwise the files would still be very trivially accessible to even a relatively unskilled attacker.
Fact of the matter is, you basically have no business expecting any degree of security from a device like this. If you do need a degree of security like this it is best to carry an encrypted container on a USB thumbdrive, or use a dedicated secure storage device.