Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo
Does CVS Monitor makes any sort of "read" check before letting someone view the code in the repository?
Somebody that does not has the read accesses onto some CSV module should not have the right to viez the tree and its contents through CVS Monitor.
Unfortunately, the permissions model of CVS is pretty weak, so there's no way that I'm aware of to propogate the filesystem-based permissions through to the front end.