Did you get any solutions to this? I'm working with the same issue and are interested in some help.
Intriguing problem this - don't have the time to have a go directly, but I would consider trying to implement an Http module that intercepts the request, checks that the current user has Read rights on the page and re-directs to a 404 page if they don't?
A quick and filthy solution might be to change the login URL specified for forms authentication in web.config to a 404 page, but that would be pretty wrong from a usability perspective (i.e. what if you want people to log in?!)
Create your own base class for template pages instead of inheriting directly from TemplatePage.
Override AccessDenied() method in your own base class and decide how you want to handle itinstead of redirecting.
It would appear that when we navigate to a page that is not published or has expired, you are taken to the login screen.
I understand why this is the case, but I wish to know if there is a way to display a 404 page or something similar instead.
We don't really want site visitors accessing the login screen just because they have found a page that is no longer available.