in reply to CGI File Upload Security

You could use
use CGI qw(-private_tempfiles);
As for the huge file, you could limit the size that an HTTP POST can be, since file uploads have to be POSTs (as far as I know anyway).
The CGI docs on CPAN have a little more on these things.

UPDATE: You could always change the following line in CGI.pm.
# Set this to a positive value to limit the size of a POSTing
# to a certain number of bytes:
$POST_MAX = -1;
or set $CGI::POST_MAX equal to a positive value in your script.

- Tom
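
An added example, not part of the post above: a minimal upload handler that sets `$CGI::POST_MAX` in the script and checks `cgi_error()` so an oversized request is rejected cleanly. The 1 MB limit and the form field name `upload_file` are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI qw(-private_tempfiles);   # pragma suggested in the post above

# Assumed limit: refuse any POST body larger than 1 MB.
# Must be set before CGI->new, which is when the request is parsed.
$CGI::POST_MAX = 1024 * 1024;

my $q = CGI->new;

# When Content-Length exceeds $CGI::POST_MAX, CGI.pm discards the body,
# leaves the parameter list empty, and cgi_error() returns a "413 ..." string.
if (my $err = $q->cgi_error) {
    print $q->header(-status => $err, -type => 'text/plain');
    print "Upload rejected: $err\n";
    exit 0;
}

# 'upload_file' is a hypothetical form field name.
my $fh = $q->upload('upload_file');
unless (defined $fh) {
    print $q->header(-status => '400 Bad Request', -type => 'text/plain');
    print "No file received.\n";
    exit 0;
}

# Read the upload in fixed-size chunks and count the bytes received.
binmode $fh;
my ($total, $buf) = (0, '');
while (my $n = read($fh, $buf, 8192)) {
    $total += $n;
    # store or process $buf here
}

print $q->header(-type => 'text/plain');
print "Received $total bytes.\n";
```

Setting the limit in the script avoids editing CGI.pm itself, so the setting survives module upgrades.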