If you are creating a pdf that has 755 permissions on the webserver, you can have your script open a new window with the link to the pdf as the address, rather than overwriting the current window. I know in HTML you would make a link like <a href"http://blah" target="_new">pdf</a> however I don't know how to do this via CGI, but read the docs, it is probably in there if it can. Worst case (and I do mean worst) Javascript can pop open new windows with a specified address. There are modules to make Perl capable of sending parameters to Javascript, but I would HIGHLY reccomend AGAINST using Javascript if AT ALL POSSIBLE.

However, if you're looking for security, I don't know what my solution will buy you , this pdf will be 755 readable on your server and could conceivably be read by anyone, (and if you use Javascript you are opening up another can of worms security wise too). I guess my point is, be sure you name this pdf something cryptic, and delete it in a timely manner (via some kind of cron job) so they are not constantly acumulating world readable pdfs full of your clients data.