On the internet you can find a lot of info about password protection with .htaccess files. This protection is very weak in the sense that other users of allserv can simply bypass this protection by copying your files with sftp instead of a regular browser.
It is much safer to transfer sensitive files with encrypted archive files, e.g. a password protected zip file. It is safe to simply upload them to your WWW folder on allserv without further password protection.
One can find myriad of zip file password crackers on the internet. All of them work by simply trying many passwords, often using syllables from a given language to beat the entropic barrier. Choose a good password and all these crackers become totally worthless. Make sure your password is long enough, does not contain (parts of) dictionary words, does contain both letters, numbers and funny characters. A good trick to come up with a password is to take all the punctuations and first letters in a sentence that you can easily remember and replace some of them by a number. It is even better to take the entire sentence as a password.