1) Meta-tags, as previously mentioned, are one solution. What meta tags actually do is mimic HTTP headers (hint, hint), which is probably what you want to delve into because...

2) Using .htaccess and .htpassword is not necessary if you're doing the whole thing with CGI, but why not let the web server do the authentication work for you? OK, so it's not the most flexible or secure method in the world, but it's a start. If you're going to get into using cookies, be sure to read this. Understanding the HTTP headers involved in either method is a good idea.

Also, if you are doing the whole thing in CGI, and you have appropriate access to the server, take a look at mod_perl -- with this you can get at the authentication and access control phases of the web server process directly, as well as getting better performance for your CGI scripts (content handlers).

3) As has already been said, nothing is stopping you except performance. Databases and simple SQL aren't very hard to learn, and MySQL or PostgreSQL cost nothing -- not a bad investment even if you aren't sure you want to use them.