SVN consists of several components, frequently all bundled as a
unit.
There's the admin SVN utilities, which set up the archive filesystem structure and maintain the archives.
There's the svn server, which can run either via the Unix superserver (inet) or as a stand-alone daemon.
There's the svn user client utilities, which all users to check projects in and out and commit changes,
etc. These utilities can operate against a local archive on a time-shared system (not very common these days), via the svn server, or via HTTP/DAV.
Not generally part of the package:
There's also mod_dav, which is a plugin for the Apache webserver. It allows users to use DAV to talk to Subversion. Other servers such as IIS may have their own plug-ins for the same purpose.
When they do that, the subversion security files are not referenced. Mod_dav uses Apache's security system, so access is controlled as part of the general web access control mechanisms such as the ".htaccess" files and the settings in Apache's httpd.conf files. Which may reference security plugins. Mine uses the LDAP plugin, for example.