#Psuedo Code
my $q = CGI->new();

if($q->param("password") eq "my password"){
  my $base_dir = '../secure_docs/';
  my $requested_file = $q->param("file") || '';
  if($requested_file =~ /(\w+)/){
      $requested_file = $1 . '.html';
  }
  else{
      exit;
  }
  my file = $base_dir . $requested_file;
  if(-e $file){
    open($fh, $file);
    print while <$fh>;
    close $fh;
  }
}
else{
   exit;
}
# of course, there are other/better ways...