Comment 3 for bug 614179

Mahara ships with an .htaccess file in the htdocs folder which uses the php_flag directives to disable a variety of strange/stupid/dangerous/etc php options.

Given the errors that you're seeing (Invalid command 'php_flag'), I would guess that you're not using mod_php and therefore that the .htaccess doesn't know how to handle the php_flag and php_value options within the .htaccess file. Are you perhaps running php with something like suexec?

From memory and a quick google, if you're not running php as a module, you can't control it with a .htaccess file and so you need to insert the php options used in the .htaccess file into your php configuration in some other manner. As to how you do that would depend on the way in which your server is set up. Once you've got those options set, you should be able to safely remove them from your .htaccess file.
If you don't remove them from the .htaccess file, you'll continue to get an '500 Internal Server Error'. If you remove them from your .htaccess file and don't add them to your php configuration YMMV. Things like register_globals could still be on, and magic quotes and these could affect how the site operates.