I am familiar with how to block access to files using htaccess and keeping files outside the document root and serving the protected files through scripts like php. My concern is what are the possible ways a hacker can use to access files protected by htaccess and the files are inside document root of the web server ? What are the security concerns here and its remedies?