I image that somewhere down the line your CGI will eventually execute command line/system utilities. You should probably become very familiar with sudo and the /etc/sudoers file. You'll want to configure sudo to limit the commands that your CGI (or the user your CGI scripts will run as) can run.