I'm pretty bummed about this; a lot of attacks nowadays are being done robotically and are either brute-force or attacking specific vulnerabilities in code.
While I'm pretty confident I can set up a reliable password using .htaccess, and lock it down to my specific host, now I'm stuck with basically having to trust svmanager's security system - something I am highly disinclined to do with PHP code. It's really a bad bad bad bad bad (did I say "bad" enough times?) idea to code so that you're defeating other security systems. I've seen hundreds of programmers who thought they could get it right and didn't. :(
Just for example, if I could put my .htaccess file in front of svmanager, it'd be possible for me to hide the fact that it's svmanager running in that directory. That'd be a huge win because (as I said earlier) the usual modus hack is to find a vuln in something and just start scanning www-whatever for that app. If there's a vuln found in svmanager, we're all toast in 24 hours.
This is a major mis-feature. Bleh.