As a systems admin, I agree that using a simple .htaccess file with a corresponding .htpasswd file is the ONLY way to protect a sensitive directory (or folder) against prying eyes. This is easy to do on Linux boxes. The folder CAN still be accessed by those who KNOW what the password is for the folder, but search engines and others will be locked out totally.
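
An added example, not part of the comment above: a shell helper that writes the Basic-auth `.htaccess` for one directory and refuses to use a password file stored inside the document root, where the server could hand it out. The function name `protect_dir`, the realm string and all paths are assumptions, as is an Apache 2.4 server with `AllowOverride AuthConfig` enabled for that directory.

```shell
#!/bin/sh
# Added example (not from the original comment).
# Assumptions: Apache 2.4, AllowOverride AuthConfig active for the directory,
# and a user file created beforehand with bcrypt hashes, for instance:
#   htpasswd -B -c /etc/apache2/.htpasswd alice     (path and user are placeholders)

# protect_dir DOCROOT DIR PWFILE
# Writes DIR/.htaccess requiring a valid user from PWFILE.
# Returns 1 if DIR is outside DOCROOT or PWFILE is inside DOCROOT.
protect_dir() {
    docroot=$(cd "$1" && pwd -P) || return 2
    dir=$(cd "$2" && pwd -P) || return 2
    pwdir=$(cd "$(dirname "$3")" && pwd -P) || return 2
    pwfile="$pwdir/$(basename "$3")"

    # The directory to protect must be served from this document root.
    case "$dir/" in
        "$docroot"/*) ;;
        *) echo "error: $dir is not under $docroot" >&2; return 1 ;;
    esac

    # A password file under the document root can be fetched like any other file.
    case "$pwfile" in
        "$docroot"/*) echo "error: $pwfile is inside the document root" >&2; return 1 ;;
    esac

    # AuthUserFile takes an absolute path so it does not depend on ServerRoot.
    cat > "$dir/.htaccess" <<EOF
AuthType Basic
AuthName "Restricted"
AuthUserFile "$pwfile"
Require valid-user
EOF
    # The web server user must be able to read .htaccess.
    chmod 644 "$dir/.htaccess"
}
```

Basic authentication sends the password base64-encoded on every request, so the protected directory should only be reachable over HTTPS.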