I always try to prompt for passwords (like your second example) but I usually also leave in a command line option to specify the password, in spite of the risk. One thing I do to minimize my exposure is to assign to $0 as soon as possible. It's not at all secure, but depending on your application, the added convenience might be worth it.

#!/usr/local/bin/perl -w

BEGIN {
  my $filename = $0;
  $0 = $filename;
}
[download]