Regardless of any .htaccess for login controls..a combination of the apache config and OS file permissions on the script itself will yield the result you're after. simply having a apache config directive to not allow www access to a directory prevents direct access via browser to the directory...and this directive doesn't affect permissions for your script, as these are OS file permissions. all the machinations of the perl script happen before the presentation layer stuff occurs, the apache config being part of the presentation layer setup. and then later you have the actual browser/client and any associated javascript etc.