The key here is group privileges. The short answer is to use 770 privileges on wp-content and wp-content/uploads, and it will work securely, without any .htaccess mods.
Here is a longer answer for interested Linux users.
WP docs state "any file that needs write access from WordPress should be group-owned by the user account used by the webserver". This is pretty terse - it gives you a big clue (but not all the details you need to understand WP file security on Linux).
Here is a fuller explanation.
If you know what 777, 755 etc mean, skip to next para. Octal privileges are a codified way of representing file access privileges: read=4, write=2, execute=1. So read+write+execute is 7, read+execute is 5, read+write is 6, read only is 4, no permissions is 0. You can assign different privileges to the OWNER of the file or directory, those in the same GROUP as the file or directory, and to WORLD (everyone). That is three groups of three. A directory with all privileges available to owner, group and world is drwxrwxrwx, or 777. A file with read+write+execute privileges for the owner and read+execute privs for group and world is -rwxr-xr-x, or 755 (the first character is d for directory or - for a file). Ok, now we are clear on octal privileges.
Now for WordPress uploads, lets assume your Linux user is "boris", WordPress runs under the webserver user "apache" and you want to upload into wp-content/uploads.
The wp-content/uploads directory needs privileges set to 770 (as does wp-content itself):
drwxrwx--- uploads boris apache 4096 May 19 07:17
770 means boris has read(4)+write(2)+execute(1)=7 privs on the directory, apache has r+w+x privs on the directory, and world (public) has no privs on the directory.
When you are using the image uploader (or any other time via a browser), WordPress is running under apache (the webserver). The directory is in the apache group, and the directory has group permissions of 7 - r+w+x.
So WordPress - via apache - has write privileges to the directory it needs to upload
755 won't work. When you use 755, this is only r+x (4+1) for the group. No write privilege for apache, therefore no write privilege for WordPress and an error results.
Execute permission on a directory means the contents of the directory can be listed. You can't create a file in a directory without also having execute privileges (this protects you from creating a file that you can't verify by listing), so the webserver user (apache) needs both write and execute privileges for WordPress to be able to upload.
Technically files such as as jpg's only need 660 permission (read + write). Execute permission is irrelevant for a file like a jpg (it doesn't have an executable form).
In summary, use 770 privileges for wp-content and wp-content/uploads if you want to be able to upload files via WordPress (and WordPress plugins, as they will also be running under the webserver). If you are connecting via ftp using your own user, you will have owner privs, usually r+w+x. World privileges are not required (or desirable). Using 770 for wp-content and uploads, you won't need any special htaccess directives either.
These principles apply all across WordPress directories e.g. themes updateable etc.