What you're attempting can't be done (IMHO) as your objectives appear to be mutually exclusive: Either the directory is protected or it's not.
Just a comment on the allow,deny: Typically, you use Deny,Allow (order) then Deny from ALL before punching holes in the Deny by Allow with your username/password and/or your LAN address.
With that, I don't believe that you can "punch a hole" in the directory protection for a single file (and/or supporting files). I believe that you really need to move that file to a different directory (i.e., VirtualHost).
"Bone headed?" Naw, just ambitious with your "wish list."