Basic htaccess transmits the passwords in plain-text which is not particularly great. A step up from that would be to use digest mode, where an md5 hash of the password is generated and transmitted over the internet rather than the password itself. The downside of that, is that not all browsers support md5 encryption (all of the major ones like IE, Netscape, Mozilla, Opera, etc do have support). To increase security even further, you could use https.
If you want to put the web form on serious lock down and get draconian for whatever reason, you could use radius authentication or a mandatory VPN.
There are also various third-party Apache modules available that support other authentication types like Kerberos, LDAP, PAM, etc.
Here is a good overview of the basic Apache authentication types and the security implications of each:
http://httpd.apache.org/docs/howto/auth.html