The only security problem really is: if the web server ever is misconfigured (to not execute scripts), people hitting the web server are shown your code. Since events.pl is in cgi-bin (not public_html, i.e. outside the document root), a misconfigured server would likely refuse to serve it. This is very much an issue in PHP, too, but nobody pays attention to it.
You can mitigate this by putting the important parts of your code in libraries outside the document root.
(I did gain access to one web site's code once because the administrator apparently had reinstalled the OS, set the web server running with the default configuration, and restored the old content before fixing the configuration.)
|