in reply to CGI.pm+DBI.pm+Apache::Sessions or Php?

... which is better to use for a secure site... [perl stuff / PHP stuff]

It depends on what your definition of a 'secure site' is. If you mean something that might handle credit card numbers or another objective that requires a higher security level, then neither perl nor php alone will suffice. Text is passed from the client to the server in broad daylight, meaning that the text can be grabbed anywhere along the way to the server. To fix this, you should immediately consider using the https protocol (a secure http protocol) if the data passing between client/server must be hidden from prying eyes.

If you meant 'security' as far as making sure that the person accessing the server is the person you think they are, then I suppose either solution (that of perl or php) would suffice. If you are already using perl for backend purposes, there is no reason to crawl towards php. CGI, DBI and Apache::Session would do, though I might suggest MD5 for the creation of session IDs. As already mentioned, merlyn's column on the proper use of cookies and session management is an excellent source of good advice on how to do things the right way. That column (like so many of merlyn's) is worth a read or two (or three).

Re: Secure websites: https/ssl and perl/php
by diotalevi (Canon) on Jan 20, 2003 at 16:17 UTC

    MD5 isn't meant for use in new development. Use SHA1 instead. There was a recent thread on the secure development list on security focus. MD5 is "safe" for today but there are questions about the near future.


    Seeking Green geeks in Minnesota