so my plan was to allow apache to call these scripts via sudo, and tell sudo not to prompt for a password.

As of perl 5.6.1 (see perl561delta for details) what you describe is the suggested way. If you want to be extra paranoid (obviously I can't know what "secure enough" for your environment is ;-) you could chroot the scripts as well.

-- Douglas Hunter