Sounds like a great idea Ovid! I agree that security
should be discussed in depth, but I do not think it would
be near the "front" of the tutorial. To understand the
implications of security, it would seem you need a good
grasp of CGI as a whole. *shrugs* Perhaps I am wrong in the
placement, but certainly put security in there!
You have an excellent point about needing to understand CGI to understand security, but that's only part of the problem. A common exploit is using someone's dangerous script to mail the cracker a copy of the /etc/passwd file (and why weren't they using shadow passwords in the first place? But that's another issue). That's an OS and programming issue and not necessarily a CGI vulnerability. An understanding of race conditions, OS vulnerabilities and the "cracker mindset" should also be dealt with and these are not necessarily CGI issues.
I am rather conflicted as to the placement of the security section, but at the very least, a brief overview of security should be near the start of the tutorial with an explanation of why it is so important. Then, have security "checkpoints" throughout the tutorial to show possible exploits. It's too serious of an issue to not deal with up front.