I tried to add a new user to an access-restricted directory today. I hadn't noticed that this account had gone over quota. Adding the user failed with an error message that didn't explain what the problem was, but that's not a big deal. What was more of a problem was that it replaced the .htpasswd file with one of 0 bytes, immediately locking all the current users out. It would be good to have some checking built in to stop this happening!