Thanks GIJoe. Actually web hosters have told me that these lines shouldn't be in .htaccess and are putting them into php.ini for me so hopefully the situation will be resolved.
BTW, I am able to add
<Files ~ "mainfile.php">
Order allow,deny
Deny from all
</Files>
as suggested in
Xoops Security FAQ so perhaps php directives don't belong in .htaccess or am I missing something?