Do not use 'php_flag engine on/off' in .htaccess for now. It will be supported in the future releases.
php is handled by External Handler (lsphp5 by default). To disable php per directory, .htaccess is the way to go:
1. turn on .htaccess for the vhost (Vhost->General->HTAccess -> check FileInfo at least)
2. to block php (HTTP 403 returned), put the following lines in the .htaccess under the directory desired:
or the rewrite rules NiteWave suggested above.
2. to block php but allow source to display, put the following line in the .htaccess: