There are actually a number of really good nodes on CGI security already here on PM, including:

• use CGI or die;,
• CGI Security and the null byte problem,
• Web Security for CGI programs,
• Preventing DOS attacks with CGI.pm,
• CGI::Safe to CPAN,
• Security issues for CGI file upload,
• Re: Security with open() in CGI scripts,
• And the list goes on ...