In this particular setup the security would be exactly the same as a regular QVW - using NT credentials on the network and section access in the QVW (or on the server if QV10). Your iframe is just a window onto the QVS.
I won't go into section access as there are other good posts on this - hopefully this will give you the confidence that it is possible and not only that it is well proven.
Other solutions get quite complex and use things like MS ISA. Have a search for "double hop" or ISA on this forum. Havent yet looked at the QV10 webparts - it might be easier by now. the last time I got into the gory details of webparts was way back when it was first released. Nevertheless, the simplist approach is the iframe and reducing data based on the NT user. As soon as you want to refine things based on sharepoint selections tighter integration is needed.