1) Your Mamp server wont be accessible to the world.
2) No, registration and login pages do not have to be at the site root, they can be in a subdirectory if you like.
weh running the security assist wizard, on the manage pages tab, you can specify the subdirectory along with the page name, for example:
directoryname/login.php
3) the other protected pages can be in the site root or in any other subdirectory of your site
4) The User Level Authentication tutorial should give you a good start on this.
for your needs, you would set the default value for the userlevel column to 0, and in the security assist wizard, don't include the userlevel column on the registration page
this way, when a new person registers, the assigned user level is 0.
you will need to edit the security assist authenticate user behavior to store the user level in a session as outlined in the user level tutorial.
then create access rules based on the user levels you will use in your site.
On the pages where you make the products for a specific user level available, use the appropriate access rule.
if there is a specific part of this that you need help with, please let us know