Note that CGI::EncryptForm is only supposed to encrypt data that is send to the browser in a hidden field and then send back to the script, to ensure that the data is not compromised by the user

Encryption doesn't prevent the data from being "compromised" by the user. Source authentication (e.g. a message digest) does. There is no authentication in CGI::EncryptForm. It was plainly designed by someone with zero experience in cryptography. Do not use it.