Does iThemes Security need to use .htaccess for IP blocking feature?

When an IP is banned for too many login attempts or too many 404s it seems like iThemes security handles the ban in 2 ways.

1). It bans them at the application/Wordpress level
2). It bans the IP in .htaccess (Apache)

I realize that the deny IP in .htaccess is beneficial because the “bad” IP is blocked before it even gets to WordPress, but I’m wondering if in a case where iThemes security can’t manage .htaccess if the same block will still be enforced by the plugin at the application/Wordpess level?

In my scenario the iThemes Security plugin was permitted to updated .htaccess on install so the original content is there, but on a day-to-day basis the plugin cannot make changes to .htaccess.

The obvious problem is that although iThemes Security functions normally, if it needs to make changes to .htaccess as an attack is happening in real time to stop it, this wont work. If it’s also banning the IP a the application/wordpress level in a similar way, maybe I can live with it, but I need to know more.

If you know how this works, please explain / confirm.

Thanks.