My Opinion:
You can't really do it (what you propose) with XAMMP. There may be ways to do some of these things, a few are patently un-doable, but, at the root, it (XAMPP) is not an appropraite solution. I'm sure some will disagree. You have used the word secure several times, you should define what you mean by that. Either XAMPP will fail the defintion, or your definition will fail the generally accepted meaning of the word secure. (IMO)
You could give them all vhosts to work within, and provide a modicum of security though Apache and MySQL GRANT definitions - but beyond that you are facing architectural constraints.
If you had a 'big box' you could easily use a virtualization scheme to use XAMPP on 'assigned' VM's - they would literally each have their own XAMPP (and guest OS session). - that WOULD meet the requirements. (I have done this with Sun Virtual Box, but any VW solution would work) This is obviously a lot of work.
Or conceivably - you could install XAMPP on each workstation, and create 'secure areas' using Windows security - that however - would assume the students have access to the same workstation regularly.
Perhaps the easiest solution - and it WOULD meet the requirements - would be to install XAMPP on USB Sticks. A $10-15 4Gb stick does great. The full version will run with very few restrcitions on a USB stick. (you simply choose 'Make this a portable installation). There's also a VERY minimized XAMMP lite, I run it (XAMPP 1.7.3) this way so I can work 'wherever' or you can simply 'move' the installation onto a local drive. There are a few considerations about what services on the host machines should be set to 'manual start' if they are already installed (mostly Apache and mySQL). Plus the students can work anywhere.
XAMMP really is not a provisioning system for multiple users on the same host machine. Again, its my opinion only.
Good luck