Mostly seconding the points driven home by other monks, but:
- use taint checking
- use strict and use warnings
- use taint checking
- NEVER run apache or a CGI script as root or with suid (suexec is a whole other discussion, however)
- use taint checking
In case you couldn't tell, the biggest point if security is your top priority (and when is it not?) is to use taint checking :)
__________
The trouble with having an open mind, of course, is that people will insist on coming along and trying to put things in it.
- Terry Pratchett
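As an added illustration of the taint-checking advice above (example code, not from the post's author): a minimal CGI handler run under -T, use strict and use warnings, showing that tainted input only becomes usable after it is matched against an explicit allow-list pattern. The /usr/local/bin/gen-report tool and the report parameter are hypothetical; it assumes CGI.pm is installed.

```perl
#!/usr/bin/perl -T
# Added example (not the original poster's code): CGI handler under taint
# mode. With -T, data from outside the program (CGI params, %ENV, STDIN)
# is tainted and perl dies if it reaches system(), exec(), open() for
# writing, etc. before being untainted.
use strict;
use warnings;
use CGI;

# Mirror the "never run as root" point: refuse to continue if we are.
die "refusing to run as root\n" if $< == 0;

# %ENV is tainted too; set a fixed PATH and drop shell-influencing vars
# before any external command is run.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $q   = CGI->new;
my $raw = $q->param('report') // '';   # tainted: came from the client

# Untaint by capturing from an allow-list regex; only the captured
# substring is untainted. A permissive pattern such as /(.*)/ would
# "untaint" anything and defeat the check entirely.
my ($report) = $raw =~ /\A([A-Za-z0-9_-]{1,32})\z/
    or do {
        print $q->header(-status => '400 Bad Request', -type => 'text/plain');
        print "invalid report name\n";
        exit;
    };

# List form of system(): the argument is passed directly, no shell
# is involved, so metacharacters in $report could never be interpreted.
my $rc = system('/usr/local/bin/gen-report', $report);   # hypothetical tool

print $q->header('text/plain');
print $rc == 0 ? "report $report generated\n" : "report generation failed\n";
```

Run it with the -T switch on the shebang (or `perl -T script.cgi`); invoking it without -T produces "Too late for -T" rather than silently skipping the checks.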