Sorry, I deserved that, for being a bit flip in my answer...
Didn't mean to imply obfuscation was an acceptable security
practice...
What I was getting at was just this: The best I can do is set
permissions for my script as 0700. For my script to be
able to read the secondary file, the permissions on the
secondary file most likely would be 0600 with the same
owner as my script. So if that user account is
compromised, anyone who can read my script can read the
secondary file too. At that point I'm basically hosed,
so I might as well do what I can and hope the cracker isn't
a Perl hacker...
For the Apache server, I will definitely look into
DBIx::Password as suggested by chromatic.