how I can limit user access to the BE folder but allow the users with a FE to access it
Can't folder access be controlled via network groups and permissions? Surely you have that situation now so that not everyone in the entire organization can open every folder on a drive? IMHO, you have to evaluate the level of protection needed against the known threat. Colin is quite good on the subject, but as he says, it's a lot of work. Note that you can password protect a be and pass that value in its opening code, which can't be viewed if it's an accde. However, it's not bullet proof. Send me an fe and be and I'll tell you what the password is, but that's because I know where to find it. If all you need to do is keep out the usual user, it might be good enough - but don't forget what it is.
If your concern is that someone with permissions on a folder could copy the be and fe and maybe know how to find the password, then associating the be to a particular server (or at least network path) may be the way to go. I would think someone would have to know what the db contains to want to go to the trouble of recreating that path, starting with changing their drive's volume name.
The more we hear silence, the more we begin to think about our value in this universe.
Paraphrase of Professor Brian Cox.