Q2) Do we live in a post CGI-bin world? This looks pretty ancient to be worried about buffers.
The author of that code has chosen to be worried about buffers and that is therefore his concern. He could instead have chosen to use something like CGI::UploadEasy and not given two hoots about buffers. Personally I wouldn't worry about the use of a buffer either way. I would be more concerned about not checking the result of open(), printing out plain text in a text/html MIME type response, indenting oddly/inconsistently, using an unreferenced label and some quaint old-time syntax. :-)