Absolutely :-)

One of the things the security plugin recommends as well, is to use .htaccess to password protect the WordPress admin directory using Apache authentication as well as the admin login, so they can't even run the PHP scripts without knowing another password.