In the Apache httpd server version 2.0.47, a user can bypass a Deny directive by setting the ErrorDocument directive in their .htaccess file to access a php script which can then access the data they should be denied.
d2263f39b7545054db660f7e8f771995d42e67cdd3702d21ae045cec018945c0