I think it would be usefull to add a .htaccess to the piwik directory.
AuthUserFile /path/to/.htpasswd AuthGroupFile /path/to/.htgroups AuthName "PIWIK" AuthType Basic <Files "*"> require group admins </Files> <FilesMatch "^piwik.(js|php)$"> Allow from all Satisfy any </FilesMatch>
With this .htaccess global access is only allowed for piwik.js and piwik.php
To access to any other file you need a password.