First off you're not running in taint mode, which you must do whenever you let outside users, write to the local file system. Read perlsec to see how it works.

Even if you have taing mode enabled, passwords are easy to guess and crack, and I fear that you're essentially giving someone permssion to write any script they feel like in your CGI-BIN, and then run it my pointing a browser at it. This is a very bad thing...

I would strongly consider if you really need this? and unless it's a burning desparte need, I wouldn't do it.

If you have to be able to do this, then you must make sure your passwords can't be broken easily, you enable taint mode, and you run your CGI-BIN in some sand box environment, and you are hope you need to be lucky...

Be paranoid, very paranoid....