This is rather a HTTP/HTML question. First thing to do is to replace GET with POST
(Content-Type: application/x-www-form-urlencoded).
The former will put the attribute value pairs into the HTTP requests URI (after index.pl and a questionmark - the line you see in the browsers address-bar).
From a security point of view, this is still insecure. It can be improved by using HTTPS and/or message digesting the credentials.
With respect to the Perl aspect of this question, have a look at CGI - it has been removed from the Perl core recently, so you might need to install it from CPAN.
For a more modern approach have a look at Dancer or Mojolicious.
Update (see question below): Have a look at the
PRG
pattern that avoids the browser's warning when reloading the page or using the back
button.