I'm pretty bummed about this; a lot of attacks nowadays are being done robotically and are either brute-force or attacking specific vulnerabilities in code.
While I'm pretty confident I can set up a reliable password using .htaccess, and lock it down to my specific host, now I'm stuck with basically having to trust svmanager's security system - something I am highly disinclined to do with PHP code. It's really a bad bad bad bad bad (did I say "bad" enough times?) idea to code so that you're defeating other security systems. I've seen hundreds of programmers who thought they could get it right and didn't.
Just for example, if I could put my .htaccess file in front of svmanager, it'd be possible for me to hide the fact that it's svmanager running in that directory. That'd be a huge win because (as I said earlier) the usual modus hack is to find a vuln in something and just start scanning www-whatever for that app. If there's a vuln found in svmanager, we're all toast in 24 hours.
This is a major mis-feature. Bleh.