I don't have any official knowledge, but I would suspect that they will maintain httpd-2.2 throughout the lifetime of RHEL6. Security issues would be backported. (If older versions of RHEL are any indication)
The basic problem is though that there won't be any security fixes for 2.2 How can they back port something that does not exist?
Or do you mean you think they'll try to port a fix in 2.4 back to 2.2? Not even sure that will be possible.
Is there some way to get an official statement from RHEL on this? Like if I bought a licensed copy of RHEL and used it to open a support case or something like that?