Going slightly offtopic however... Apache at least can (and should) be configured to deny viewing of .ht* files. The apache httpd.conf (or your local over-ride if allowed) needs a section like

<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</files>
[download]

Which disallows download (view) of all files beginning with .ht See Module mod_access for more information.

--
my $chainsaw = 'Perl';