Things like this can be a little "interesting" from a security p.o.v.

Have you considered forking off a child process to run the external script then validating the output doesnt contain anything naughty?

As an optional extra you could embed a checksum in the cgi, then verify the checksum against the external script. Its far from water tight, but if you secure the cgi, you can give yourself some indication there has been an unauthorised change to the external script.