You don't need Perl for this - look into
Dynamically configured mass virtual hosting - here's a particularly relevant snippet:
A homepages system using mod_rewrite
<snip>
RewriteEngine on
RewriteMap lowercase int:tolower
# allow CGIs to work
RewriteCond %{REQUEST_URI} !^/cgi-bin/
# check the hostname is right so that the RewriteRule works
RewriteCond ${lowercase:%{SERVER_NAME}} ^www\.[a-z-]+\.isp\.com$
# concatenate the virtual host name onto the start of the URI
# the [C] means do the next rewrite on the result of this one
RewriteRule ^(.+) ${lowercase:%{SERVER_NAME}}$1 [C]
# now create the real file name
RewriteRule ^www\.([a-z-]+)\.isp\.com/(.*) /home/$1/$2
# define the global CGI directory
ScriptAlias /cgi-bin/ /www/std-cgi/
This also changes the url to www.username.yourdomain.com, which your users would probably love...
Update
I just realized this doesn't solve the question of user authentication. <sigh> I'm tired. I need a vacation.
For authentication, combine this with
mod_auth (not sure if that can be done dynamically) or .htaccess (which you were already doing).
Update 2
Another swing and a miss by
bean! Strike two! While my suggestions are, of course, brilliant, I guess I didn't read the question very well - you want to use your perl script to show the users' directories. While the wisdom of doing this is debateable, I'll answer the question posed (perhaps you want to serve advertising on the directory listings, I don't know).
If your users can access their directory trees directly, follow my previous advice - otherwise ignore it.
.htaccess files won't help if the perl script is accessing the directories instead of apache. I'd suggest giving the user an encrypted cookie with her name in it (or a key the server can use to find the username) - then just check the name against the directory being accessed (I'm going to assume the username maps to the filesystem somehow). Be sure to collapse "/../" into "/" - and watch out for url encoded dots (you know how %20 is a space?). I think someone already suggested this...
Update 3
Ok, I thought of good reasons to do this in Perl - you want to provide filemanager-style access, right? So the user will be able to add/delete/move directories/files, upload, etc. In which case you will have to do some sort of cookie check against directory thing, and will have to deal with people trying to mess with the files of other people via "/../". I'm going to assume people will be able to access their files and therefore their directories directly (it would be sheer folly to try to reinvent the most basic function of Apache), so you'll have to do something like my previous suggestions as well if you want to keep them from seeing each other's files. I'm going to stop adding to this comment now - it's just near and dear to my heart, because I was once the head of the Orbita homepages system <sniff>. Good times... good times. Over and out.