Is their any benefit to password protecting your directories that you don't specifically intend visitors to view, such as /images?
You can switch off directory browsing per directory in httpd.conf, or use a .htaccess file to deny. Or even just 'touch index.html' in the images directory to give a blank index file (and therefore making the directory unviewable.) If you have something there that you'd prefer users not to see then it is a good idea. Then again, perhaps you shouldn't be storing files that you do not want anyone to see below your DOCUMENT_ROOT?
Not for image directories. But you should ensure appropriate security is applied to files and directories containing scripts and script includes as these are more likely to hold sensitive data like db connection strings (with passwords in them etc.)
.htaccess is mostly used to protect a folder dontaining sensitive information and a blank index.html is sufficient for any other directories...
You can't password protect folders from where content is shown on any public website as visitors would be promted to login screen instead of displaying an image for example.