I'm not saying put the main ProcessForm.php file in your cgi-bin, just the database connection file. While many servers won't run PHP scripts in the cgi-bin when accessed directly, they usually (in my experience) will allow the main script file to be outside the cgi-bin, but import a separate PHP script as an include from the cgi-bin. So, ProcessForm would be in the main site. The database connection info would be stored in the separate PHP file and imported into ProcessForm as an include.
Still not sure how a file in cgi-bin is any more secure.
On pretty much every server I've worked with, the cgi-bin directory is above the root HTTP directory on the server. That would mean there's no possible way to access the file from a web browser (you can't browse higher than the site root). If your cgi-bin folder is inside your web root directory, then there's not much point in trying to force PHP to run from there.
I can't speak for every server configuration out there. If yours is different, then just put the script where they work. You can always set special folder permissions to make things as secure as possible. Info is generally pretty safe in a PHP file anyway, it's just an added precaution. Take it or leave it - it's up to you.