A recomendação oficial do Apache é evitar o uso de .htaccess , a menos que seja absolutamente necessário.
Se AllowOverride estiver definido como algo diferente de None , todas as solicitações que o sistema receber para um contexto com AllowOverride ativado farão com que o processo do Apache verifique um arquivo .htaccess em cada parte do a árvore do sistema de arquivos que poderia conter um .htaccess que se aplicaria à solicitação atual.
Veja aqui :
In general, you should never use .htaccess files unless you don't have access to the main server configuration file. There is, for example, a prevailing misconception that user authentication should always be done in .htaccess files. This is simply not the case. You can put user authentication configurations in the main server configuration, and this is, in fact, the preferred way to do things.
.htaccess files should be used in a case where the content providers need to make configuration changes to the server on a per-directory basis, but do not have root access on the server system. In the event that the server administrator is not willing to make frequent configuration changes, it might be desirable to permit individual users to make these changes in .htaccess files for themselves. This is particularly true, for example, in cases where ISPs are hosting multiple user sites on a single machine, and want their users to be able to alter their configuration.
However, in general, use of .htaccess files should be avoided when possible. Any configuration that you would consider putting in a .htaccess file, can just as effectively be made in a section in your main server configuration file.