emails and ACLs - not getting it

Oct 14, 2009 at 5:35 AM

according to Amazon docs,

"You can grant access to buckets and objects within your Amazon S3 account to anyone with an Amazon Web Services account. Any users that you grant access will be able to access buckets and objects using their AWS Access Key IDs and Secret Access Keys."

 And I see here:

that you can specify an access control list. What I dont understand is where would a user do the  "using their AWS Access Key IDs and Secret Access Keys" part. The HowTo example has the access and secrets hard-coded. Do I have to programmatically set the keys after getting them from the user? How is that secure? Some core piece of the usage of this control is missing from the documentation.