Actually, after enabling ‘Customized htaccess’ option, it should not add HMWP rules automatically to htaccess file (needs manual addition). But it’s strange that HMWP rules in your site’s htaccess file is being overwritten even with this option enabled.
But you can edit your htaccess file, right? Do you use FTP or Hosting Control Panel for this? In that case you should be able to modify the file’s write permission too. Or may be you can ask your hosting provider?
1) actually, enabling “customized htaccess” should do the job. But in your case as this seems to not work, the other way is to change permission of htaccess file to read-only.
2) you can be hacked because of numerous ways. HMWP renames default WP paths so that wordpress is hidden. Also it has IDS, which blocks intrusions (harmful requests) coming to your site. But this alone will not guarantee that the site will not be hacked. We also recommend you to use Wordfence plugin along with HMWP for enhanced security. And scan your site for malware infection too.