If I recall correctly CGI has a 'sticky mode' so it can allow you to populate a second form based on the response to the first form. This is suitable for very simple situations.
You can't pass just @names to HTML::Template - you have to pass it a reference to the entire HASH, in fact you can even pass it the object and it will use the param method to extract the HASH!
A session system is good too, as you say TIMTOWTDI. If you need the capability of a session managed application, CGI::Session makes it very easy. Fortuantely most of the time my apps are session managed so the I can tuck things in a session and get them back as has already been described to you.
Data::FormaValidator and its close cousin HTML::FillInForm can be used to implement the same sort of thing with very flexible validation along the way.
POST method is safer than GET, in only a very minor way. But the sue of a sessioning system will allow the variables never to leave your server, so you don't have so much to worry about. It also means you can store other incidental information along the way as well and you can expire not only the entire session, but a part of the session. For example, my users have to log-in, but after 30 minutes of no usage they are automatically logged-out. By using the expire method of CGI::Session you can have a session which persists (as mine do) but the user needs to log back in again after a period of inactivity.
Our very good frinds, in teh form of Lincoln Stein and otehrs have been so gracious and generous as to bless us with CGI.pm and its related modules. Please do not make the mistake of trying to do it yourself.