Your communication is already over a secure connection. You should have a reasonable sense of security here. If my understanding of HTTPS is correct, the client browser is encrypting all data, sending it over the pipe, and then the receiving server is decrypting the data to hand it off to the processing script (your CGI). I would imagine this to be sufficient.