httpd.conf AllowOverride All
AllowOverride directive is used to allow the use of .htaccess within the web server to allow overriding of the Apache config on a per directory basis. I believe CI uses mod_rewrites to make it work correctly. That's why it only works when you have AllowOverride All because you are telling the webserver to allow the use of an .htaccess file which CI uses. That's the simple answer. It's not about security per say, it's for the use of .htaccess files.
You will most likely have to use AllowOverride All to use codeigniter because that's the way it works. There shouldn't be any major security concerns with using this directive. Security wise you should be fine. Just don't use AllowOverride All in a <Directory /> block.
Only use it in a specific web directory only. This below is what you have now and should be fine with AllowOverride All.
<Directory "c:/Apache24/htdocs">
if it wasn't for this directive, .htaccess files would not work. Have a look at the documentation for more detailed explanation.
http://httpd.apache.org/docs/current/mod/core.html#allowoverride