I've just seen this on the hackplayer's github:
Machines writeups until 2020 March are protected with the corresponding root flag. But since this date, HTB flags are dynamic and different for every user, so is not possible for us to maintain this kind of system.
Can anyone confirm this? It seems a complicated thing to implement and kills off all the write ups people produce and then password protect.