welcome to WebmasterWorld, htaccessbitbybit!
as jdmorgan posted in the thread you referenced:
Do not mix mod_alias Redirect and RedirectMatch directives with mod_rewrite RewriteRule directives, as doing so can cause unexpected and mysterious problems due to unknown module execution order
so if you are also using mod_rewrite RewriteRule directives in the server config or .htaccess file(s) you should avoid using RedirectMatch and instead use the RewriteRule directive with the G (410 Gone) flag,
using the mod_authz_host module to "deny from all" will also work and is probably a more accurate signal since it will provide a 403 Forbidden response.
you will only get one of the responses, depending on the order of execution of the apache modules.
it shouldn't be necessary to hide .htaccess because any filename that starts with a dot is hidden by default, at least on *nix systems.
however it can't hurt to be extra secure with your configuration, so to prevent .htaccess and other files such as .htpasswd files from being viewed by user agents:
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
you should put these directives in your server config file and if you don't have access your host should have done this already.
