The easiest way to implement the read-only part would be to allow providing a special "access code" (similar to how the password protected pages work) and therefore wouldn't require a full login.
Full control would be much more difficult to implement as obviously that would require a full username & password to track who is making edits to the form (and perhaps accessing the data). Is the point of this to limit this person's scope of access or just to simplify things?
Of the two, the read-only thing is definitely easier to roll out but if that's not what's actually needed then we don't need to waste time on that part.