You could encrypt the GET parameters and decrypt them on the target script.
Something like

use Crypt::CBC;
use MIME::Base64;

my $key = '...';
my $crypt = ..... #construct

my $params = "username=$username&loggedin=1";
$params = cipher->encrypt($params);
$params = encode_base64($params);
$params = unpack("H64", $params);

print $cgi->redirect(-url=>"http://localhost/cgi-bin/main.cgi?params=$
+params");
[download]

Now, on the main.cgi you must parse the params

use Crypt::CBC;
use MIME::Base64;

my $key = '...';
my $crypt = ..... #construct

$params = pack("H64", $params);
$params = decode_base64($params);
$params = $cipher->decrypt($params);

# now split $params in order to get username and loggedin
[download]