It has been brought to my attention that the website that im doing has a load of security problems. heres a few

login for .htaccess
because a cant stand the popup for username and password I have to check on my perl script first that the login information (username & password ) is correct. problem is though my host has the bright idea of not letting me put perl in html files - it doesnt execute so pl scripts are .pl which is really daft! Anyway the login information that is checked is there in the perl script and I dont wanna use db connections. So it took all of 3 min for a colluege to find the passwords and usernames.

Also Chaos said that this peice of code was a security risk but I cant see how - maybe someone can tell me why?

if ($ENV{'REQUEST_METHOD'} eq 'POST')
{
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs)
{
($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /; $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;$FORM{$name} = $value;
}
}

CGI-BIN
If a server states that the perl scripts dont have to be in the cgi-bin dir then the scripts will work the same regardless of if there in there or not ...right? I mean the security will be the same aswel?