Yeah, he's going to need to first script a login so he can grab and store the cookie which he is then going to need to present on each urllib.urlopen().
Being logged in on your browser is not going to help since your browser and your web2py code are totally separate. He could possibly make it easier by not protecting the functions with Web2py's authentication and instead inserting a secret header or cookie variable or arg/var.
