I don't think there is anything in your example that could cause that...

On a sidenote, your CGI style could be improved. You import functions with :standard and then use the OO interface. Do one or the other. I prefer the functions unless you need to pass the CGI object around code. Here is a revamp of your code with a security and JS printing fix. Never send unescaped user input back to the browser. Paragraphs do not separate content, they encapsulate it. And please, please, please use CSS instead of things like -BGCOLOR=>'lavender'.

use warnings;
use strict;
use CGI qw( :standard );
use CGI::Carp qw( fatalsToBrowser );
use HTML::Entities qw( encode_entities );

my $js = <<"EOF";
function sub_dispatcher() {
    document.sql_tool.submit();
}
EOF

print
    header(),
    start_html(-title => 'Selection ',
               -script => [ $js ] ),
    startform(-name => 'sql_tool'),
    p(
      textarea(-name => 'sql',
               -default => 'SELECT * FROM Departments',
               -id => 'textarea1',
               -rows => 14,
               -cols => 70),
      ),
    p(
      button(-name => 'save2file',
             -value => 'execute write-in (above)',
             -onClick => "sub_dispatcher()"),
      ),

    endform(),
    hr(),
    ;

my $sql = param('sql');
print
    h3("From textarea: "),
    pre( encode_entities($sql) || "n/a" ),
    ;
[download]