Take a look at the email, that your friends get, when you grant access to one of your blogs. In it, you'll find a message with a clickable link (details masked here, to protect the innocent)
The Blogger user xxxxxxxxx has invited you to read the private blog: xxxxxxxxxxxxxxx.Do you see the link?
To view this blog, visit:
You'll need to sign in with a Google Account to confirm the invitation. If you don't have a Google Account yet, we'll show you how to get one in minutes, or you can view the blog as a guest for up to 30 days.
That link contains a component called, in security context, a token. You execute the token when you click on the link; and you gain access to the blog, when you execute the token.
One of the benefits from token based access is the ability that you, the prospective new blog member, get when you receive the invitation email from a friend. You can execute the token from any valid email address that you wish, simply by forwarding the email as you see fit.
Unfortunately, this is both a benefit and a drawback to token based access. Besides you forwarding the email to yourself, at another address, there's nothing stopping you from sharing the email with other friends. Or, even posting it in a public forum.
Question: If my blog is configured to be viewed only by authorized people, how come anyone can see it, by clicking the link:
You, the blog owner, have to be able to trust your friends. Don't make your friend a member, if you can't trust him to not share access with others.