It's possible to bypass htaccess protection gor local user wia directory symlink.
vulners.com/securityvulns/securityvulns:doc:2845