yeah, I would say .htaccess would be the way to go. Using perl for security in that situation would probably be sloppy at best. As for preventing your hard drive from filling, perhaps you can make a log of people who submit the form, and prevent people from submitting too many times. You could also have the script check the total number of files submitted and just crap out once that number gets too high (or maybe automatically compress/archive them)

I also used the Black Book for my first/main Perl reference. Informative, but HORRIBLY organized