Re: Update ...   No, it does not complicate anything that “the scripts are CGI code on a website.”   That is assumed.   The CGI servers are the ones who are recognized by the web server as being “authenticated” and then “authorized” to do certain (specific!) things, and, provided that only they are permitted to use the credential, all is well.   Furthermore, the scripts must be stored in such a way that the source-code form cannot be obtained in any way ... or by any other user of those same computer systems.   (Many shared-hosted sites are simply compromised by neighbors, as all of them are in the ftpusers group.)

You should also use firewalls to prevent access to the database servers et al from “outside.”

Use every means possible to ensure that the authentication tokens, even if obtained by a thief, cannot be employed by that thief.

Also note that there is nothing particularly Perl-specific about this discussion ... any other-language site on web site hardening would be equally apropos, and should be reviewed.