That sounds fairly reasonable if you are very careful about database permissions. Keep in mind that you can run CGI scripts or mod_perl as a specific user with essentially no privileges on the local box. I also like adrianh's firewalling idea.