In short: Will email addresses and private information visible in plain site on wordpress be well protected by password-protecting (with .htaccess etc...) the entire wordpress directory?
Problem 1: I needed a quick solution to allow my users (of all authorship levels) to email one another from wordpress based on the current email addresses listed in each person's profile. I also needed to allow them to email multiple people at once using checkboxes. So, one of my wordpress pages has a blatantly-obvious list of a whole bunch of people's email addresses.
Problem 2: We have sensitive internal company information on wordpress. I password-protected the wordpress directory to prevent public access.