Since redirects tell the user agent to make a new request for a new URL, redirects must always be listed before rewrites.
The rewrite is actually going to fetch the content from inside the server. It is too late to change the URL once the server is reading the hard drive. Attempting to do a redirect after a rewrite simple exposes the server internal filepath (the one you wnated to keep secret) back out on to the web as a URL.
You will also run into this problem if a URL request results in a redirect performed by the .htaccess in a folder and a rewrite performed by the .htaccess in the root. The rewrite will happen first. Never put any redirects into the .htaccess file in any folder. Put all redirects in the root .htaccess and with their RegEx patterns adjusted to suit.