Well, basically, nothing is really secure unless you use SSL (https) because http is cleartext. Anything you send over http could, in theory, be read by anyone between you and the server.
There are some ways of sending a single use token to the user, and the user’s browser using that token to encrypt the password and send it back to the server over http, but they are not as secure as https. Those methods are much more secure than using Basic Authentication via .htaccess .
You could use Digest Authentication, which is a little more secure and can be done through .htaccess, but it suffers the same problem: there’s no way to log out.
If your access requirements are not that critical (i.e. your protected data is not that important and you just want to keep out casual adversaries), then even Basic Authentication is fine. If you really want to protect something valuable, you’ll need SSL (https) and a dedicated IP address.
Anyway, you don’t have to wait to fix your problem. Just SSH into your account and edit your .htaccess file. Here are some instructions: http://www.addedbytes.com/blog/code/password-protect-a-directory-with-htaccess/