.htaccess directives apply to that directory, and all subdirectories thereof, so you should disallow access in your DocumentRoot,
Order deny,allow Deny from all
And override that in any specific subdirectories you would like to allow access to
Order allow,deny Allow from all