While reading a discussion about .htaccess files at corz.org, someone complained about lack of security skills of the admins there, where instead of securing their boxes, they disabled some useful php functions due to “security issues.”

By the way the .htaccess discussion whose link is provided above is very good, far more readable that the one at apache.org