You don't really need to have cgi scripts to utilize .htaccess files. You would use cgi to say administer .htaccess files. i.e. so that your visitors can change their passwords and or add new passwords.
.htaccess files can be used to protect a directory and thus protecting files in said directory. The .htaccess will protect every directory under which the directory under which it resides.
Although the common use of .htaccess files is for security really it is administation file that is capable of far more then security
If the server and .htaccess files is setup right you cannot look at the file with the direct link to said file.
Here is an example of an .htaccess file
AuthName = What is printed on the popup screen to validate user...
AuthName "You must be a valid user"
Deny from all
Allow from 22.214.171.124
AuthType = Basic (I think there is other types but this is the only one I have used)
AuthUserFile = location and title of your password file...
Order Deny,Allow = we first deny then we allow
Deny from all = No one is authorized
Allow from 126.96.36.199 = ok well will allow people from that ip address. Note you can do blocks here and or domain names too...
require valid-user = you must have a login/password to access this directory
I am still learning all this myself but that should give you some idea???
Links that I used to understand more,,,
There are a few more but this will get you started
Hope this helps
P.S. this should really be in one of the server development forums