Uhhh…if hackers managed to comprimise the system that would be the least of your concerns. Now if the directory is a place for uploads then you should be securing the code that handles the upload.
That’s of course the main defence, but someone I know got hacked recently with disastrous results so I’m looking for ways of making things even more secure, so the same thing doesn’t happen to me. Adding a .htaccess file to a directory only takes a few seconds, so I’d say that it’s worthwhile for an extra security measure.
I don’t know how you have your site setup but if you took the inititive to tie it all to a single frontend file (index.php) then you could tie executing PHP to the one single file. In other words a file with a .php extention would not be executed, only index.php.