After trying out my .htaccess scheme to protect my WordPress installation I was running into an endless pop-up of authentication pop-ups.
I searched around and found a post by DianeV on the WP forums: http://wordpress.org/support/topic/113881#post-546028
She links to a post she made back in 2007 (yikes) entitled:
WordPress admin password protection 404 http://developedtraffic.com/2007/05/27/wordpress-admin-password-protection-404/
She points to a support issue with the TextPattern CMS http://textpattern.com/faq/173/password-protected-directories-with-htaccess which happens to give a solution.
It turns out that some servers need to be told explicitly where the error pages are, especially those for 401 and 403 errors, in order for .htaccess authentication to work properly.