I'm not sure if you're writing from scratch or modifying one of those "bad" CGI scripts that are out there (or even one of those "good" scripts that use perl -T and cgi.pm). But a couple points couldn't hurt.
The command line flags you give to sendmail will be important for security. You will probably need to use -t and -i. The -t just tells sendmail to get the "To" and "Cc" information out of the headers of the mail you are sending. Unless you are root, you have to have a truthful "From", so that will be determined by the setup on the web server. The -i is very important. It tells sendmail that it should ignore any periods that are sitting on a line by themselves (this is the normal way to end an email in Unix) and wait until it receives the end of the input stream instead.
The reasoning here is that if you are in a CGI environment, an evil user might put a period alone on a line inside of a comment section, for instance, and then the remaining characters are being thrown at the OS (and being possibly executed, depending on how things are set up). The -i will avoid this dangerous situation.
According to the Module Reviews, the Mail::Sendmail module will work in both Windows and Unix, and may thus solve your dilemma.