I understand the premise of having it ask for the password; however, I was thinking that if the person has physical access to the machine then they could disable the function. It doesn't sound like it from how you describe it so I'm hoping for option #2!
No, this would be in violation of the common interface conventions. Whenever sensitive information such as a password is changed on a device, the user must provide the old password first. Otherwise, there is a security breach that could be exploited.
If we delete the current address book that is built on the server and create a new one, will the remote clients auto-populate the new book? Do they care or know that they are in address book "XYZ" and I deleted XYZ and created ABC. Will they simply start populating ABC?
By remote clients you mean other Viewers, correct? If so, you update the address book on the server by updating it in one of the Viewers, the address book on the server will then overwrite other books on other Viewers. At least that's how it works in theory.
Still, we are currently seriously improving the whole mechanism and the beta is coming soon. The only thing you should remember at all times in order to be safe is that you should back up your address book. By default the Viewer does that automatically for you though unless you changed the back up setting in the Options, but those backups are daily ones. So before you make any critical changes like updating the book on the server, it is recommended that you first back up your address book in the Viewer using "Export connections" option.
Hope that helps.