The only pitfalls with the htpasswd method that I can think of is that your username and password are transmitted in clear text over the network. Whilst this is true of most methods (unless you use certificates or https) it does limit this particular method of authentication.

Additionally, unless you write some mod_perl code you are going to find it hard to expire a user (via timeout for example) as the htpasswd system does not cater for it. Well . . . not as far as I know at least ;P. Privileges, logging and custom session stuff are all out of the question too.

Having said that, if you are just starting out with CGI and want to get some basic authentication methods under your belt then this is a fine place to start. I started with this and had a lot of fun with it. Good luck! :)

As to your second question, if I understand you correctly you wish to use a htpasswd file as the means of storing user information. Well this is quite possible. From what I can tell, you should be able to collect the user information via a form and then compare the details against the file details.

A quick search yielded:

1. Tie::Htpasswd

Which uses Apache::Htpasswd. These would make your life a lot easier.