While this will place an additional burden on your webserver, it can be done, so long as perl has permission and access to the image. I think you may be looking for something like:
#!/usr/bin/perl
print <<HEADERS;
Content-type: image/png
HEADERS
print "\n";
open(FILE,'/some/other/path/graphic.png');
binmode FILE;
{
local $/;
print <FILE>;
}
close FILE;
If you don't want to encode your own headers and are looking for a slightly simpler solution, check out CGI as well as one of the MIME modules.
I want to display is outside the web server directory because I don't want anyone downloading it.
This will prevent anyone from downloading the image directly, but will not prevent anyone from downloading the image through your cgi. The only way to display the image in the first place is for the clients to download the image from the server. While you can change your webserver configuration to preclude external re-displaying of your image, you cannot expect to put it online and have it viewed without having been downloaded.