Thanks for the evaluation of my script, Charter. I'm still pretty new to PHP, so I wasn't too sure if it would fly or not. That's one of the beauties of open-source though. Someone else can tell you if there are security holes.
I don't believe it is possible to protect a directory with .htaccess on a Windows server. What I've been doing is just removing the authentication requirement when I want to spider the site, then putting it back up when I'm done. Not the most convenient way of doing things, but it works.
BTW, my Windows site is on PHP 4.3.2. I guess that according to your post, that means I can't use HTTP authentication?