I’m not sure about the E-mail part of your question, but DH doesn’t create a CGI-bin directory. CGI works anywhere in the web-accessable area, are you sure that’s not a part of some program you or your client has installed?
If not, you should check into how thoes files got there. If someone is able to palce files on your account you need to change user names and passwords, and make sure all of your applications are up-to-date and secure. No one but you (and possibly your client) should be able to place files on your website.