You could use a very simple config file (call it eg .secret.config to make it hidden) such as:

first secret
second public
[download]

and parse it with ConfigReader::Simple like:

use strict;
use ConfigReader::Simple;

my $config = ConfigReader::Simple->new(".secret.config");

print $config->get( "first" ), "\n";
print $config->get( "second" ), "\n";
[download]

Update
Of course hidden is not read protected. It's just that you don't see your settings in the code. To get more security you might want to protect the config file with a mode that only the executor can read the content ... but then how can the developers test the thing?