If you are talking about accessing by browing to the directory from the web, no, not at all. All they have to know is the username/password you set up for the Apache authentication (.htaccess provided password protection) when you set it up.
That username/password can (and probably should!) be something different than the ftp username/password, and you can set up as many different username/password combinations as you want from the panel.
If you want them to be able to access it via ftp, then, of course, they will need the “main” username/password combination. Good Luck!