Heed the anonymous monks recommendation. Try to split your code from the data that will be modified. Your script can read the data file, protect itself from malicious changes outside of your script ¹, and do other types of bullet-proofing.

Footnotes

1:

For example, your script, A.cgi, is "secure" ², but B.cgi is not. $baddie uses B.cgi to change A.cgi to something that A.cgi would normally filter out. A.cgi is no longer "secure".

2:

Since A.cgi is writable by the web server, I would argue that A.cgi is not secure.