$ewiki_plugins["auth_userdb"]![] ($username, $password)

This is usally called from ewiki_auth_user() which itself got called
from within an ["auth_query"] plugin (the auth_method_* plugins).

Should return the user 'database' entry for the given user in the form
array($encodedpassword, $ringlevel, ...) -  The returned $encpassword
is afterwards compared by the ewiki_auth_user() function (usually
invoked from within auth_query() plugins).
The array should contain the $ringlevel for the queried user at array
position 1+, but it does not need to be there. Everything afterwards
that in the array is ignored. So if there are other useful informations
in your userdb entries, then the ["auth_userdb"] plugin should export
this itself into $GLOBALS where useful.

Alternatively an "auth_userdb" plugin could compare the $password
itself or remotely against the contents of its database (and not let
ewiki_auth_user() do that check). In this case it should fake the above
behaviour by returning the $password as first entry of an array() in
the form described above.

The term 'plain auth_userdb plugin' (someties used in this README or
plugin comments) refers to the more stupid variant that just returns an
array() entry and lets ewiki_auth_user() compare the unencoded/submitted
password against the checksum from the _userdb plugin.
prev << "$ewiki_plugins["auth_userdb"][] ($username, $password)"
next >> "Examples for your own ewiki_auth plugins"

You cannot modify the ProtectedMode file, but anyhow any ideas or suggestion should as usually get filed on BugReports, UserSuggestions or even better the ProtectedMode.Discussion.