Maintaining multiple htaccess files across sub-directories is a webmasters nightmare, and the reason same is not mentioned here.
It's easy enough to make a simply syntax error in a single file, multiple that by 3, 4 or five and the likelihood for syntax errors increases dramatically (after a few minutes of looking at lines, it all pretty much looks the same and your eyes are out of focus (if you had good eyesight in the first place)).

Most common location is in the root directory.

There may be special and RARE needs for multiple file, however it's generally NOT the rule.

Many softwares (CMS, PHP and otherwise) create their own htaccess for subfolders. These placements should actually be corrected if possible and placed in the root htaccess

cool,
and phew!
(for the same reasons you mention, mistakes/tracking/updates etc)
keeping it lean and simple is my goal,
cheers for the quick answer,
=:)

Different answer. Well, different wording, same principle.

If you have two htaccess files that say the same thing, then that thing should be moved up one or more levels to an htaccess file shared by both directories.

There are some no-brainer exceptions. If you want to enable or disable auto-indexing only for certain directories, put the command in those directories' htaccess. Similarly, if different directories use different error documents, put the ErrorDocument statements in the appropriate htaccess.

As far as I'm concerned, an htaccess file consisting solely of the line "Options +Indexes" doesn't count as an htaccess ;)

Here is a concrete example of multiple htaccess files. I have two domains within the same userspace in shared hosting. That's two directories inside a higher-level directory.

Everything headed for either domain passes through that first directory. So it's got an htaccess containing all the core-level Deny From directives. It also also has the file overrides: the commands that let everyone pick up robots.txt, error documents and the favicon. The two domains each have their own versions of these documents, but they have the same names-- that is, robots.txt will always be called robots.txt no matter where it lives-- so they can be covered in a single htaccess.

At the next level, each domain has an htaccess of its own. Each of these contains only mod_rewrite directives. It deals with things that are specific to the site, like requests for particular pages, or individual redirects. There is a tiny bit of overlap for things like Ukrainian robots that can't be handled solely by IP, but these are kept to an absolute minimum. The important part is that any given request will only meet mod_rewrite once, will only meet mod_setenvif once, and so on.

htaccess is a "per-directory" configuration file.

If you have something that has to happen, or must not happen, only in specific directories then it is appropriate to have multiple htaccess files. These are usually used for blocking outside access or for not generating index pages for certain folders.

If we're talking about mod_rewrite for redirecting and rewriting then you should put all of the rules in a single file in the root otherwise you will have unwanted interactions between overlapping directives in the different files.

you will have unwanted interactions between overlapping directives in the different files

That's why I don't have any mod_rewrite in the shared htaccess. The two others are domain-specific, so there is no possibility of interaction. Of course there will always be visitors who are blocked or rewritten more than once-- for example by behavior, by UA and finally by IP-- but that would happen even if everything were tucked safely into the config file.

When I set up the shared htaccess, I got rid of a lower-level htaccess that I used to have in one directory. And, ahem, you will be relieved to hear that a while back I globally changed all mod_alias directives into mod_rewrite, so those are gone too ;) I ran some Regular Expressions on the htaccess itself, so everything got changed in one fell swoop.

perhaps i misread somewhere, bots and spiders start their search from the root folder, if that's the case then to modify all the .htaccess folders seems pointless (if the code in the root folders .htaccess is doing its job that is).

Where or how bots and spiders crawl your site is completely irrelevant. If a file is requested from a sub/sub folder then the parent/parent .htaccess file still applies.

I think I understand, i.e. the un-asked (but important) ‘Why?’... (in my original question that is).
My understanding is...
The .htaccess dictates the behavioural information about any part of the the path beneath it, including the folder that it is in.
All traffic has to behave in accordance to any dictates that were given at or above the current location. As lucy24’s example (msg:4413390), the sum of dictates may in fact be from several .htaccess files.
Therefore, because the dictates apply to everything at and below, there’s no need to repeat the same dictates further down the same path no matter how many subfolders along.
Y/N?

Right. Analogy: You are visiting a friend whose apartment is on the third floor just off the back stairs. Even though you can get there in half the time by going around the back and knocking on his window, you must instead go in the front door, show your credentials to the doorman, wait for a peon to run upstairs and make sure your friend is home... et cetera.

If you are on shared hosting with many layers of directories before you get to the "root", requests can't just levitate directly into the root directory. They have to come in through the server, get past the config file, and then work their way down through all the directories.

Some directives from one level can be overridden at deeper levels. Auto-indexing is an obvious one. But if a visitor is unconditionally banned at the front door, all the htaccess files in the world won't let them in to even one little sub-sub-sub-directory of your own domain.