As you've seen, it's a matter of security. I chose not to disable HTTP Authentication for any host, but I do turn it off for the /umsp/ address. The reason for this is that the requests are made from other systems in your LAN and DLNA does not support Simple authentication.
Now, the question is - is it safe to disable HTTP Auth completely? No - your webend would be accessible by anyone in the LAN, and they could get your configuration and your credentials to your saved accounts.
Is it safe to disable HTTP auth for UMSP? It probably is, but there can be certain plugins that will allow you to download arbitrary content from the WDTV (e.g. a carefully scripted request to umsp-test.php can do this), so you can get the credentials.
How should this be done? Well, I'm thinking of a way to allow the user to turn off auth for requests from specific hosts. This way, the user would be able to use something like Julio's WDTV Remote app. I haven't thought of a way to do this that is elegant yet...
The way the httpd.conf import works in my case is that it imports a blank file when UMSP_LAN is disabled, or imports a non-blank "override" file when it is enabled. You can adjust the paths to fit your system for now.