Don't forget about file permissions. If this is like many CGI, you'd have to make it world read/writable.

You might want to look at something like suexec or cgiwrap. This will allow your script to run as a different user than the web server user, and then you can use file permissions to protect that data from other users.

If you're on a shared system, other users could read/write your data otherwise, either directly or by writing a CGI to read/write your data.

Even if you own the web server and you're the only user, this is a good idea, as it partitions data, protecting it in the event a different script or even the web server itself gets hacked.

In my environment, I create a new user for each different CGI task.

-Pileofrogs