What exactly means 'insecure'? Security could be broken in so many places in so many ways that the web app is the last link in the chain. You have the infrastructure, the access to the servers, the OS, firewalls, the server engine, perhaps I am missing something. Tha app is on top of all of that. It is secure as much as you make it. You want to learn, how to develop web apps? Good! Security is a whole new world. I am not saying that you should not concerned about it.
Write the app/web page then test its security.
Quote: I was able to run a hello world program via the cgi bin. However, I read that running a http://www.domain.com/app.py style program was very insecure.
It's not about what you are using but how. In almost all cases security could be broken because of human mistakes. Or incompetence. From that point, there is no security at all. And this is correct. Any system, network manager, any web developer knows it. All you can do is to reduce the risk of a breakthrough. This means learning, practicing, testing. Logging not to forget.
Because you are asking about CGI security risks, take a look at this:
https://www.w3.org/Security/Faq/wwwsf4.html
If you read it carefully you will see that security is not about the what you are using but how. If everything depends on you. But that never happens.