Not sure if it's actually that helpful but might be nicer to serve up a 404, in the interest of opacity.
Simply giving the hacker less information (though not just depending on this) is a useful form of security. If you give them a 401, then they at least know that the file exists.
It should be noted that the author states that this htaccess rule "block[s] access to any file containing the string wp-config.php", but the rule itself is designed to block any temporary editor file matching the pattern he describes in the article regardless if it is named wp-config.php or not. Your nginx rule does the same.
Simply giving the hacker less information (though not just depending on this) is a useful form of security. If you give them a 401, then they at least know that the file exists.