Here goes… 1. $dbh_quote is used all over, but not when it's not required where the variables have been pre-checked by parent modules. This is faster. 2. The denial of service you refer to I presume is the overloading of URI data, to be fair there are much easier ways to create a DOS attack than this. This I think should be left to the web server. Otherwise, you haven't given any credible explanation as to why CGI should be used over the internal method. 4. Not possible without object orientation. Nothing wrong with &{$_} either.