two I can think of, ban ".php" and any other standard executable extension from filenames (at least as a default config option), encode filenames on disk
"If you would prefer only the last dot-separated part of the filename to be mapped to a particular piece of meta-data, then do not use the Add* directives."
splitbrain: Well, in my case it would have saved my ass, because I actually //used// the default .htaccess, I only copied it over to the static configs.