This is very good advice and I was remiss in not noting such myself. That said, you should also know that, if you did so, you might risk a whole lot worse than the loss of your password file. It would permit a user to run any arbitrary command on your system with privileges the same as those that the cgi script runs with.

Know the risks, understand the issues, and use the -T option to help you catch dangerous code.

-sauoq
"My two cents aren't worth a dime.";