Agreed. The DH panel doesn't allow secure restrictions to sub-users IME.
None other than FTP/shell, to my knowledge.
I know of nothing possible on FTP/shell but easier on the Panel.
And beware of giving him even FTP/shell - by default he'll have access to /all/ your files, not just that site's.