Why? It's not a security risk. However to answer your question, you can't set expose_php with ini_set(). If you're ever in question you can reference "PHP: php.ini directives - Manual" to check which directives can be changed and from where . You'll need to set expose_php directly via the php.ini file.
Most settings has a reason to its INI type (in the manual refered as the PHP_INI_* values), this can be due to design reasons or just general reasons in the language.
My best guess here would be that it wouldn't make much sense either to make it PHP_INI_PERDIR since it would just disable it for one dir and its sub directories. Where the remote user could just go to the root directory and see the expose info.
And insted of putting a htaccess in the root dir (considering it was a PHP_INI_PERDIR) it would make more sense just to change the php.ini value.