The other people you referred to, on other forums, may have been referring to the 3 lines of code that can be added to prevent people from reading .htaccess files online, in their browsers. It is just like a Do Not Disturb sign to curious onlookers and is ignored if they possess a key to your virtual room (website). It has no affect if somebody has "Owner" write access to your website. There are only a few ways that can happen. One is if you somehow give up or are stripped of your (cpanel or ftp) login credentials, or if a server admin gives up the master credentials, or the server gets hacked through some other means and the hack affects all virtual hosts with accounts on that box.
What have you done thus-far to secure your website against further compromises?