Just ugly in my opinion, not awful. If you're going to use a global variable to store your user object then you might as well make your own instead of using %ENV.
You don't mention using the object across HTTP calls, which is good because as
grinder wrote, it wouldn't work anyway.
A module can access a variable in the main script/cgi file by using the $::variable_name notation, or you can fully qualify the name with $MAIN::variable_name. I like better to have a user object and pass it along to functions or to have the user object methods call the other modules functions/methods. Whatever rocks your boat, but leave %ENV alone if you can.
tstock