http://qs321.pair.com?node_id=378653


in reply to Protecting Personal Files within a Perl Website!

By "basic http authentication" I'm assuming you mean something like Apache's "AuthType Basic" directory restrictions.

Well, the good news is that it will require a password to access the directory. The bad news (and we're talking pretty bad) is that the user/password combination is sent back to the webserver in cleartext, meaning anyone sniffing your connection now has a free pass into that directory by sending the same user/password combo on their own.

An easy way around this is to use an SSL connection to your webserver, which will encrypt the traffic and prevent people from sniffing your user/password out of the ether.

Do take note of beable's advice, however. The files will, in some sense, still be accessible to the outside world. Someone just needs to find a crack into your webserver.
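Added example, not from the original thread: it makes the cleartext point above concrete by showing that the Authorization header of a captured plain-HTTP request (a constructed sample here) decodes straight back to user:password, and it includes a small audit helper that flags Basic credentials unless the connection is TLS-protected. The function names and sample request are my own assumptions.

```python
import base64
import binascii

# Constructed sample of what a sniffer sees on a plain-HTTP connection: the
# browser replays the Basic credentials on every request to the directory.
SAMPLE_REQUEST = (
    "GET /private/report.txt HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "Authorization: Basic YWxpY2U6czNjcjN0\r\n"
    "\r\n"
)


def decode_basic_authorization(header_value):
    """Return (user, password) from an 'Authorization: Basic ...' value, or None.

    Basic auth merely base64-encodes 'user:password'; no secret is involved,
    so anyone who captures the header can reverse it.
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        raw = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed token, not a usable Basic credential
    user, sep, password = raw.partition(":")
    if not sep:
        return None
    return user, password


def audit_request(raw_request, over_tls):
    """Return findings for Basic credentials sent without TLS (empty if fine)."""
    findings = []
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() != "authorization":
            continue
        creds = decode_basic_authorization(value)
        if creds and not over_tls:
            findings.append(
                f"Basic credentials for user {creds[0]!r} sent over plain HTTP"
            )
    return findings


if __name__ == "__main__":
    print(audit_request(SAMPLE_REQUEST, over_tls=False))
```

With SSL in front of the directory the same header is inside the encrypted stream, which is exactly what the audit treats as acceptable.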