The best thing to do is to put the CGI scripts in a directory that is not inside the Document Root for any given website. Leaving it inside your DocumentRoot will leave you more open to possible intrusion. Apache has a directive named ScriptAlias that will let you redirect /cgi-bin/ to any directory of your choosing.