Just noticed CGI::SecureState in the CPAN nodelet. Might be worth a look. I also think that you should take a look at Free implementations of SSL (even if they generate certificate warnings at the browser). Your data is not safe if it leaves the server in an unencrypted form. If these reports are something the company would shred (for data sensitivity reasons) before disposing of them, then they should be encrypted during transmission.