If you leave it at none, nobody can alter any .htaccess settings, which is always more secure than allowing anybody to alter any of them.
But in general the .htaccess files are fairly secure, even when the AllowOverride is set to all. You just need to make sure nobody is able to alter them via a broken file-upload script (or other such holes), or an insecure file permission setting.
The most secure thing, really, would be to create a secure user, apart from the FTP or Apache users or groups, have that user create the .htaccess file and deny anybody except that user write permission on it. You would of course have to give everybody read access on it, but that is hardly a security threat, unless you use it to store something that needs to stay hidden. (Note, Apache excludes .htaccess files from being visible to web-requests, so nobody without access to the server through other means would be able to read it.)