This is probably a bad approach, but I can't personally see why so maybe wiser monks can inform?
What if... the CGI is just a wrapper program? It takes the parameters, passes them along to another PERL script which does the real processing and returns a nice long HTML string. The CGI program receives the string, prints it back to the browser and... presto! Code is hidden! There will be a cost in maintenance complexity and in performance. But, aside from those issues are there any hidden "gotcha" issues that make that approach unwise?