For the ftp question, I love vsftp. Very secure ftp is just what it says. There is one config file, I think something like vsftp.conf. You can set it to allow anonymous access, or only allow local users access. I go with the local users option. That way you can restrict who sees what very easily. Of course you can do the same with anonymous, but I like knowing who is doing what where, and forcing the local users option does IMHO a "better" job that leaving it open to all. The documentation for it is very good as well.
I don't play with apache and cgi stuff much, so I'll leave that question for others.