Well, what you're doing is accepting arbitrary input from users and then serving it out. Just because the users are "trusted" doesn't let you out of validating and scrubbing the input. Since you have an established framework to follow, why not just write a CGI based form to accept their input. You can use CGI.pm to do the dirty work for you. Then do what you want with the data. You can write it into a static page, or parse it into an XML structure that can be dynamically displayed/searched. I would suggest an intermediate structure so that editting a node would be easier.
If you want to avoid a .htaccess password mess, run a local server that does the data wrangling and then auto updates the live server.