Depending on how exactly you are using this, you could build it into a custom search command. Let's say you create the command "fetchcgidata", and this command points to a Python script that exists on the indexer. You could put the CGI credentials into that script and then call it from your dashboard. The script will run on the indexer, fetch data from the CGI and return it in some way you prefer. Because the client only sees the custom search command being called, the credentials are hidden from the client.