Hello,
I think it would be usefull to add a .htaccess to the piwik directory.
AuthUserFile /path/to/.htpasswd
AuthGroupFile /path/to/.htgroups
AuthName "PIWIK"
AuthType Basic
<Files "*">
require group admins
</Files>
<FilesMatch "^piwik.(js|php)$">
Allow from all
Satisfy any
</FilesMatch>
With this .htaccess global access is only allowed for piwik.js and piwik.php
To access to any other file you need a password.