Another gotcha that's worth investigating - if /home/foo/public_html/mumble has .htaccess in it, but your script runs under a ScriptAlias (from /home/foo/cgi-bin for example) then it won't need or send the REMOTE_USER details. Try (from a freshly opened browser) going straight to the scripts URL and see if it asks for authentication - if it doesn't, then it's not protected by the scheme that protects the form that leads to it.
I am facing the same problem, actually it is described here. It turned out that variables are prefixed with REDIRECT_ prefix (check here for the answer) after applying RewriteRule.