I am evaluating PHPEd. I like the product and would like to purchase it, but there is a security issue that I need to resolve.

I need to be able to debug PHP scripts running on an Apache server from a client with a dynamically assigned IP. For this reason, the debugger.hosts_allow and debugger.hosts_deny directives in php.ini will not work for me, because I do not have a static IP.

Does PHPEd support an authentication-based -- rather than ip-based -- security scheme? Is there a secure way for me to debug if I don't have a static IP address?

you may work using ssh tunnel. It's secure.

In this case you run ssh -R with appropriate ports and host names,
and activate debug session using browser with appropriate GET argument in the URL, for example
http://myserver/mydir/myscript.php?myvar=myvalue&DBGSESSID=1@localhost:7869

localhost should be used because debugger module should connect to sshd on your server which is already connected from your client ssh.
hosts_allow should be localhost, of course.

In phped version 3.3 you'll be able to set up debuggerhost in the settings and therefore will be able to run debugger and profiler sessions from inside the IDE.