I know of at least 1 plugin that causes this problem >>> My Calendar >>> the problem and workaround are explained here >>> http://www.ait-pro.com/aitpro-blog/2252/bulletproof-security-plugin-support/checking-plugin-compatibility-with-bps-plugin-testing-to-do-list/
There is a workaround for this plugin’s issue that is explained on the AITpro plugin compatibility page until the My Calendar plugin author can fix this problem.
Also when you update / save your permalinks it will overwrite the BPS .htaccess security coding. So if you update your permalinks after activating BulletProof Mode for your Root folder you will need to activate BulletProof Mode for your Root folder again. We are debating on if this should be changed in the next version release of BPS. Thanks.
The My Calendar plugin author has fixed the old .htaccess issue that was occurring. It is no longer occurring and the old info plugin info has been removed from the link above.
Also if you are using a cPanel tool called HotLink Protection it will do exactly what you are describing. You cannot turn that cPanel tool off. Please see this post for more information >>> http://wordpress.org/support/topic/plugin-bulletproof-security-htaccess-files-keep-losing-bulletproof-security-code
