I am runnig Apache with http. If run it with httpS and self signed certificate , Will it be better?

Yes it will because then your users' passwords will not be sent over the wire in the clear for any malefactor to read. It would be better still if your certificate were not self-signed.

I am also trying to add "onclick"funtion to my below login.html file to a give error message, if wrong inputs were entered. I am currently having them in login.cgi code. which way is better?

Both is better. Having it on the front-end prevents unnecessary round trips. Having it on the back-end too allows handling for those with javascript disabled.

Note that neither of these questions have much to do with Perl. You might benefit from reading up on the general basics of web server (and web application) security first.