Thats merely a difference in how easy physical versus digital property is to protect. It is not an indication of whether something is stolen or not.
Because you are right. You can lock your jewelry in a safe. Not that easy for web-site content. (The login page you mention being the equivalent to the safe.)
"noindex" does not protect content from content scrapers at all. Since some content scrapers (and many blog-spammers) use Google's search APIs as a tool to find the most valuable content to scrape or spam, a noindex simply means that they (or legitimate readers) can no longer find the content in well-behaved search engines. But the real content scraper crawlers scan all sites independently of search engines, and simply run right through any robots.txt indication or 'noindex' in the web-page. They do not even check.
Or they are mere human "readers", that simply cut-paste (scrape) straight off your page, and onto their own.
Allowing a search engine to index ones content, so human readers can find it, does NOT mean that it is freely available for other people to paste into their own web-sites. Nor does it indicate that the content is suddenly put into the public domain and is free for everyone to scrape. Whether thinking of it from an ethical or from a legal perspective.
Some years go, when I finished my second masters degree, several of my fellow students were caught taking the easy way out when writing papers. A simple Google search on "their" content found that there was no original thought in what they had handed in at all. They merely stole the thoughts of someone else by cutting/pasting whole pages from the web. (Wikipedia is very popular with students, so many teachers always check there first. :) ) That is not only plagiarism (which got their papers kicked out and a warning of expulsion to be made), but it is also theft.
My first degree was back in the dark-ages, where we only had internet but no WWW, so that problem was not as easily executed or detected back then. :)