REMOTE_USER "script is protected"?

I have a form on an html page that is protected under htaccess. When I submit the form, I see the environment variables showing
GATEWAY_INTERFACE = CGI/1.1
but I do not see an entry for REMOTE_USER.

At http://hoohoo.ncsa.uiuc.edu/cgi/interface.html
it says "This is the specification for CGI version 1.1, or CGI/1.1" and the link at http://hoohoo.ncsa.uiuc.edu/cgi/env.html
says

Quote:

---

The following environment variables are specific to the request being fulfilled by the gateway program:

REMOTE_USER
If the server supports user authentication, and the script is protected, this is the username they have authenticated as.

---

The script that processes the form (simply showing the environment variables), is in a path that is not protected by htaccess (i.e. /cgi-bin/). I cannot run perl scripts outside of the cgi-bin path.

Am I really supposed to protect the script?
It seems to me that since the html page is already protected by htaccess, the REMOTE_USER should be set and passed to the perl script that resides in the cgi-bin. But I am doing this already so I must be missing something. Plus I could ask for a different username to authenticate for the cgi-bin directory or one of its subdirectories.