in reply to Where to get this kindof advice.

I'm curious, does the person suggesting the non-SSL option have any reason for why people should want this? I can't think of one. The idea of transferring any kind of financial data over an unencrypted connection gives me the shivers, to be honest.

Regarding the authentication authority, if you've got a mixed environment where you need both a filesystem and a database to work off the same authentication data, you should take a look at PAM, which allows you to use a backend of your choice. Most databases can authenticate against PAM, and there are various CPAN modules for this. Using a tried-and-tested authentication layer will surely make your app more secure. The PAM mailing list may also be a good place for specific questions you have.