I've helped people out with .htaccess style password security, and had good results with it. It was kind of fun, we were both fumbling our way through it, but that's off the topic. Since then the other person has gone on to publish large amounts of data that way. As chromatic writes, it's not the most secure way, but sending the username and password base64 encoded is better than sending them in plain text. At least in my (limited) experience.

YMMV

Michael,
the blue haired monk.