think the simple answer is no, search engines cannot crawl content that is behind any login requirement.

Let's look into this more closely; Anonymous users group is generally understood to be the users that do not require any logins to view content on your website. That also includes any search engine crawler. So anything that you want to be publically available and crawled by search engines should be in the antonymous users group. Please NOTE most content defaults to registered users group to be viewed and has to be set to the anonymous users group to be viewed publically. This is a security feature and prevents you publishing content publicaly accidentally.

Search engines can't 'login' so they cant view anything that is published ONLY to registered groups or any other user group other than anonymous.

There is just one other caveat that is slightly worrying; Google has recently announced that it is releasing code search. which basically means it will release to searchable results of scripts and code of unprotected directories!

So be aware, that if this intrusion goes ahead with Google you should always put 'private content into a database (via xoops permissions) or password protect your HTML directories that contain private content.

The google thing is going to make a big storm over the internet generally, but providing you use xoops content permissions system, your pretty safe.