I just want to make one thing clear in case there's any confusion. If you're concerned about security at all, no method of writing CGIs or using an .htaccess file is going to keep a would-be cracker from gaining information unless you are using SSL (Secure Socket Layer). If you don't see https:// at the front of your URL, you're sending data in the clear. Just FYI.

It's late. I'm going to bed!

-Matt