in reply to Security for an Web based applicatoin

For real security, you'll want to use SSL (https), which your hosting provider should be able to install for you, so that users' passwords cannot be sniffed from the network.

MySQL is secure enough. Just make sure it's not directly reachable from the outside network - local connections only, get a good firewall. Again, your hosting provider should have this configured already. Ask them.

A good read for web security is the OWASP guide.

Some quick other hints:

Always use taint mode, strict and warnings for CGI programs. Really, use all of them.

Try to use placeholders when using DBI and when you can't, use $dbh->quote().

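The hints above (taint mode, strict, warnings, DBI placeholders, and $dbh->quote() as the fallback) combined in one script, as an added example that is not part of the original post. It assumes DBD::SQLite is installed and uses an in-memory database in place of MySQL; the table, the untaint_name helper and the input values are constructed for illustration.

```perl
#!/usr/bin/perl -T
# Run as: perl -T example.pl   (-T must also be given on the command line)
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed; an in-memory database stands in for MySQL.
# TaintIn makes DBI refuse tainted arguments while Perl runs under -T.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, TaintIn => 1 });
$dbh->do('CREATE TABLE users (name TEXT, role TEXT)');
my $ins = $dbh->prepare('INSERT INTO users (name, role) VALUES (?, ?)');
$ins->execute(@$_) for (["O'Brien", 'admin'], ['bob', 'user']);

# Hypothetical helper: allow-list check. Only the regex capture ($1) is untainted.
sub untaint_name {
    my ($raw) = @_;
    return $raw =~ /\A([A-Za-z' .-]{1,64})\z/ ? $1 : undef;
}

# Constructed inputs standing in for CGI parameters. Appending an empty
# tainted substring marks them tainted, as real request data would be.
my $taint = substr("$0$^X", 0, 0);
for my $raw (map { $_ . $taint } "O'Brien", "x' OR '1'='1") {
    my $name = untaint_name($raw);
    if (!defined $name) {
        print "rejected: $raw\n";
        next;
    }

    # Preferred: placeholder, so the value never becomes part of the SQL text.
    my ($role) = $dbh->selectrow_array(
        'SELECT role FROM users WHERE name = ?', undef, $name);

    # Fallback when a placeholder is not possible: let the driver quote the value.
    my $sql = 'SELECT role FROM users WHERE name = ' . $dbh->quote($name);
    my ($role2) = $dbh->selectrow_array($sql);

    print "$name => placeholder: $role, quote(): $role2\n";
    print "  quoted SQL: $sql\n";
}
```

Passing $raw straight to selectrow_array instead of $name makes DBI die with an "Insecure dependency" error, because TaintIn rejects the tainted argument before it reaches the database.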