Hi Jason, I managed to find a better workaround and thought I would post in case it helps anyone else. I used .htaccess but instead of password protecting the folder, I set it up to prevent direct linking to any downloadable files - the only way to access them is through the page in the secure folder.
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mywebsite.com/secure(/)?.*$ [NC]
RewriteRule .*\.(flv|mp4|pdf|xls|doc|mov|wmv|avi|ppt)$ http://www.mywebsite.com/images/DENIED.png [R,NC]