Which Piwik folders should be protected?


I’ve installed Piwik yesterday and so far I love it.

I’d like to ask - which folders do I need to protect in .htaccess? I’d like to give my users ability to log in without HTTP auth window, because I use a widget in CMS, so they won’t receive any HTTP auth in CMS.

Right now I’m protecting config folder against reading. Is there anything else I should do?