The default httpd configuration sets up the directory /cgi-bin/ to contain CGI programs. There are a number of useful demo-programs included.
There is a security concern with CGI programs, since they are run on behalf of the client.
Special precautions for CGI programs: HTTPD should be run as a non-privileged user, the CGI programs should be in specific directories, which are carefully administered by the "webmaster" and which have appropriate protections (not writeable).