If Apache is configured correctly as well with appropiate file permissions, no.
Apache is the web server software and it has to be told what files are ‘executable’. I am not sure if there is a list somewhere of all the files that should be ‘executable’, you can always ask here or contact support - generally this is determined by the file extension. If Apache does not know to execute a file, it will transmit the contents.
In order to transmit the contents it has to be able to read the file, so the file permissions would have to enable “world” read access. The browser would be told the URL is “Forbidden” if that is not the case.
In order to execute the file the directory the file is in, as well as the file itself, must be owned by your FTP/shell user account. In addition the directory and the file must have the permissions set to disable “world” write access. Otherwise the browser would get the “Internal Server Error” message.
A more important problem related to your questions is the data files themselves. Programmers might get lazy and expect you to install a CGI application and have configuration and data files along side the executable files. You would need to ensure these files are not accessible through the web. Even if you don’t provide a link to these files, an attacker would have an educated guess if he is familiar with the CGI application.
Regarding Perl, you should consider a file with extension .pm to be non-executable. This means if it is inside a web-accessible directory you should set the file permissions appropiately. Sometimes this type of file is used for configuration settings, but usually it will actually be part of the CGI application itself.
Hmm. Now I have question - should PHP files that are just includes be non-world readable, if I don’t have PHP running as CGI?
Perl / MySQL / HTML+CSS