Is there any way to edit the .htaccess file to only allow certain files to be used via PHP include or require, but not from a browser?

If I understand you correctly - you want it so the included files (say "password.inc") can't be read from a browser?

Simply make the (included) file inaccessible. Either set Apache not to show it, or (simpler) put the include files in some directory outside the document tree.