Given a simple login system (register and login), which of the two choices is more secure:
User info consists purely of username-password.
Of course, best-case is assumed for both options: MySQL injections are accounted for, password is md5/sha1/md5+sha1/any other means encrypted, etc.
In case you're wondering, in the first case, php will add user credentials to the htpasswd file. (see this question for an example implementation.)
I'd say always the login form (by which I assume you mean standard session-based authentication).
.htaccess authentication transmits the password on every request (Of course, SSL would help here)
.htaccess authentication doesn't have any rate limiting / brute-force protection by default in Apache
Logging out from .htaccess authentication is a bitch