I think it's very secure.
Yeah, that's not really an issue anymore.... First of all it's no longer written in Perl. And all the globals are registed at the top of every script... so you can't add variables into the URL of a script - as the top of every script goes through every variable that it uses right at the very top.
For example
// Get the input
$Cat = get_input("Cat","get");
$Baord = get_input("Board","get");
$Whatever = get_input("Whatever","post");
$FooMoo = get_input("FooMoo","both");
This will tell each script how it's allowed to accept variables. Either by get, or post, or both. If the variable is received from the wrong method... it ends up empty.
Dave_L is probably the best one to comment on security issues. He's really good at that.