Web Hosting Talk







Protecting CGI


scsi
10-23-2001, 04:21 PM
I have used Unix before on other machines, and the cgi-bin was protected somehow. Yet on the Cobalt, the scripts and data files are out there in the open.
I've read that it's possible to turn off the handler for .cgi and .pl in the httpd.conf, and make the scripts have to be called from a /cgi or /cgi-bin directory that isn't world readable. Has someone done this on a RaQ4? Could someone post instructions on how to do this?

cyansmoker
10-23-2001, 06:03 PM
scsi,
I don't know anything about RaQ/their graphic user interface, but provided they run Apache, and I believe they do, here is what you should do in httpd.conf (/etc/httpd/conf/httpd.conf ?):

- Comment out the 'AddHandler cgi-script .cgi' directive, so that cgi files won't be executed anymore
- Add a 'ScriptAlias /cgi-bin/ /your-path/cgi/' directive. Of course you should replace '/your-path/cgi/' with the path to the directory where you actually store your CGI files. This enables this particular directory for CGI execution.

I think you can then chmod this directory so that only its owner/group can read it, and use suEXEC to exec. them, but now we are getting into specific details about specific configurations, and I don't know enough about your configuration to write any further.
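
The two httpd.conf changes described in the reply above, written out as an added example that is not part of the original thread. `/your-docroot` is a hypothetical placeholder for the site's document root, and the access-control lines assume the Order/Allow/Deny syntax of Apache 1.3 through 2.2.

```apache
# Added example, not from the thread.
# /your-path/cgi/ is the placeholder used in the post; /your-docroot is a
# hypothetical placeholder for the document root.
# On Apache 2.4, replace the Order/Allow/Deny lines with
# "Require all granted" or "Require all denied".

# Before: any .cgi or .pl file under the document root is executed.
# Commented out so that file extension alone no longer triggers execution.
#AddHandler cgi-script .cgi
#AddHandler cgi-script .pl

# After: only files under the aliased directory run as CGI.
# Keep this directory outside the document root. Both paths end in a slash
# so the URL maps cleanly onto the directory.
ScriptAlias /cgi-bin/ /your-path/cgi/

<Directory "/your-path/cgi">
    # No .htaccess overrides and no extra options (no indexes, no includes).
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

# With the handler removed, a script left under the document root would be
# returned to the client as plain text, exposing its source and any
# credentials in it. Refuse those requests outright.
<Directory "/your-docroot">
    <FilesMatch "\.(cgi|pl)$">
        Order allow,deny
        Deny from all
    </FilesMatch>
</Directory>

# File permissions: the directory can be closed to "other" as the post
# suggests, provided the account Apache runs as can still traverse it.
# suEXEC setup is version-specific and is not shown here.
```

Run `apachectl configtest` before restarting, then request a script under the document root and confirm it returns 403 rather than its source.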