I guess it's a decission of the pub owners. Gemini provides status code 10 for requesting the user's input, and status codes 6X for dealing with client certificates which can be used for authentication. A few details still remain, like a somewhat short limit of characters for the comment (1024 bytes for the whole URL) and CSRF (which I think can be solved with CSRF tokens in the URL), but it's definitely possible.