Where CGI files can be kept is something which can be configured in the server. If the person who runs the server says they need to be in cgi-bin then trust them, even if they're wrong storing .pl scripts in odd directories can cause some really quite strange things to happen at times.

There's no limit on HTML files permissions. How were you setting the permission, and did they change afterwards? Not sure if an administrator can somehow stop users setting various file permissions on a security basis, it's been too long since I really hit Unix administration at all.

One thing to be aware of.. publically writable files are often seen as a security hole. Possibly a better way to do this would be to have a file created by whichever user the script runs as (Generally 'apache' or 'nobody') and have a symlink to this in your HTML directory.

Good luck with CGI, by the way. It's tricky at first but well worth persevering with.