I'm using the code in Tom's response here. However I have a script that automatically generates .html files into my public_html folder. These files are then loaded by my .php file, which looks something like this:
include can access any file, as long as it is accessible by the web server.
So you can put secret_information.html anywhere in the file system, preferably outside of the document root or
If you must keep the file inside your publicly accessible web for some reason, you may use Apache's Authentication and Authorization facility.