If you really need the password, there is a way you can get
it, but not from the CGI script itself. You can use mod_auth_external
to do your authentications, and use some sort of cache to store
the username and password, then have your CGI script read that
and compare to the REMOTE_USER environment variable. You're
going to take a performance hit for doing this though.
If you use Apache's built-in authentication modules,
you can be relatively certain the password was given correctly,
so there's probably no need to check it a second time in your script.
It also seems like you should be able to implement something
in mod_perl to obtain the password, but I haven't looked into
it enough to know.