Just read about this. Was just about to post when I logged on and saw it here. Good thing somebody did. And though this security hole was found in php, I doubt many will have the expertise to exploit it. And as for that apache/.htaccess many sites already do that. I know, I check on many of them. Some are responsible, some are not.