Read the documentation for lynx, specifically the -restrictions part which allows you to disallow things such as executing a shell (lynx -restrictions=shell). There's also no reason why the person executing login.pl would need permission to delete it, so an rm -rf login.pl shouldn't be a concern.
Actually, "rm -f login.pl" will work no matter the permissions in this specific case as mt2k will own the "login.pl" file (since he obviously isn't an admin on this system).