Technically, no, they cannot access it. But by placing the folder there (under a public directory) you expose yourself to a higher risk, like if you make a mistake and overwrite your .htaccess , or the server gets updated and your rules became ineffective.
You'd be better to move that folder outside of your public_html
(or equivalent). What I usually do is to create a private_files
right beside the public_html
folder, and any files that I need there can be referenced from (secure!) scripts.