My experience is that password protected documents should never be filed – an inspector or auditor should never be in the position of requesting a password. Instead, a PDF version of the document is uploaded on its own accord.
if the password-protected doc is embedded into another doc, i.e. Word meeting minutes with an embedded Excel spreadsheet or Powerpoint presentation, the hyperlink for the embedded doc can be opened by anybody with TMF access, including an inspector/auditor.
Hope this helps.