Aside from the CGI being more vulnerable from a security standpoint, which I don't fully understand myself but have heard to be true. Installing PHP as an Apache module is also more efficient. For instance, as a CGI the php.ini configuration file has to be opened, parsed and whatnot every time a script is executed. That means that any extra extensions also have to be loaded every time a script executes. Whereas as an Apache module all of that is loaded when Apache starts, eliminating the extra overhead.
Have you some across this manual entry yet? It describes the CGI security vulnerabilities in detail and how to prevent exploits.
A PHP/C-Client/PEAR solution for webmail