I'm glassy-eyed at the moment, so can't offer anything directly responsive to your immediate question... but line 27 set off my alarms.

That's NOT all you need to remove:

use diagnostics; and use CGI::Carp qw( fatalsToBrowser ); don't belong in a live script; especially fatalsToBrowser. That gives someone with malicious intent information you don't need to offer.

As to the uname and p/w data in lines 15-20, you'll find numerous threads here on alternate ways to provide better security; as it is, Apache (or whatever server you're using) need only hiccup at just the wrong moment, and you've given away the store; in fact, not just the store, but also the block and city.

See also those threads dealing with "placeholders" for additional safety tips.