For reasons stated on the apache site (look at the ssi docs here), using the exec option for executing commands is considered dangerous. Heres a reason why:

        <!--#exec cmd="ls" -->
[download]

They recommend that includes are turned on without the exec option available. This is the recommended method:

 <!--#include virtual="/cgi-bin/counter.pl" -->
[download]

You can still pass arguments to your script, though I admit I have only done this using GET style arguments. ie:

<!--#include virtual="/cgi-bin/counter.pl?offset=1000" -->
[download]

HTH

Simon