Duplicate Code in htaccess causes 500 Server Error

I noticed that iThemes Security has written code into my htaccess file that has crashed the site. The code was written after the #END iThemes Security comment and actually broke into the BEGIN/END WordPress permalink structure code. Here is how it looked:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress ^wp-admin/includes/ - [F]
		RewriteRule !^wp-includes/ - [S=3]
		RewriteRule ^wp-includes/[^/]+\.php$ - [F]
		RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
		RewriteRule ^wp-includes/theme-compat/ - [F]

		# Disable PHP in Uploads - Security > Settings > System Tweaks > PHP in Uploads
		RewriteRule ^wp\-content/uploads/.*\.(?:php[1-7]?|pht|phtml?|phps)$ - [NC,F]
	</IfModule>

	<IfModule mod_rewrite.c>
		RewriteEngine On

		# Reduce Comment Spam - Security > Settings > WordPress Tweaks > Comment Spam
		RewriteCond %{REQUEST_METHOD} POST
		RewriteCond %{REQUEST_URI} /wp-comments-post\.php$
		RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
		RewriteCond %{HTTP_REFERER} !^https?://(([^/]+\.)?{hidden_username}\.com|jetpack\.wordpress\.com/jetpack-comment)(/|$) [NC]
		RewriteRule ^.* - [F]
	</IfModule>
# END iThemes Security - Do not modify or remove this line

This has happened a couple times now. Any ideas why?