I'm new to Perl as well and just finished writing a similar kind of script. My script asks for the password and merely passes it back to the same script and checks it against an unencoded password file. All subsequent browser/server transactions place the password into a hidden field to maintain user session continuity.
Is this lock tight security? Absolutely not. But my point here is not so much to offer you a solution, but to remind you that there's no need buying a $2000 alarm system for your Ford Pinto, right? Most likely, no one will trouble themselves trying to capture my password with a packet sniffer. Even if they did, they couldn't cause any significant damage because my data just isn't that valuable and its no problem replacing it with my backup files. I know there are some purists out there who would disagree but they are probably security experts and have an agenda of paranoia to push. :-)
As far as specific advice for your script, I would say be careful of using IP addresses as a way to verify a user. AOL user's IP addresses can change from page to page.