Here is an article that I thought interesting. I know it's a little old, but it still seems relevant.
http://www.beulbek.nl/2007/07/20/emacs-php-and-the-tilde/
It appears to offer some insight on some of the httpd server settings (as well as an emacs setting) that are purported to be effective in preventing httpd.conf from allowing a web client to open and read backup files. That is, if your default server configuration doesn't already prevent it, and you happen to have a backup file ending in a tilde ( ~ ) in your web accessible directory.
If you decide to try the "Order allow, deny" approach in your own .htaccess file because your server doesn't already prevent this, take note that the "file" containers used in the example contain spaces. They probably shouldn't contain any spaces in order to work.