In my former life, I had a directory inside my Web Root called config, and inside that directory had a .htaccess file with this code...
deny from all
My understanding was that code would prevent someone from accessing/opening any files in my config directory.
Since then, I have eliminated that folder, and moved my config.php file outside of the Web Root to a directory called outside_web_root.
Does having a .htaccess file - with that same code - in my new outside_web_root directory serve any purpose now?? :-/
The goal being that I want to make it as difficult as possible for hackers to go where they shouldn't!!
Hope that makes sense?!
That makes GOOD sense and, no, it should not be needed outside your webspace.