The 1.10-beta3 doc/.htaccess file allows access to the new file doc/CMSMS_config_reference.pdf by default. If this isn't by design, then maybe the .pdf file extension should be added to the list of those file types that are denied by default. I propose changing...
to<Files ~ "\.(php|php3|php4|php5|phtml|pl|cgi|txt)$">
order deny,allow
deny from all
</Files>
<Files ~ "\.(php|php3|php4|php5|phtml|pl|cgi|txt|pdf)$">
order deny,allow
deny from all
</Files>