CGI executable powered by MacOS X image

Given your statement "pending investigation with authorities", you will want to continue to discuss this with your legal counsel, and with a forensics provider if and as that discussion is deemed appropriate.

Apache is capable of and can be configured to run CGI apps, yes.

As for the rest of it, check with school IT, and—for differences from the expected or for install-related concerns—check with a clean install of the same version of macOS, with or without macOS Server installed.

What an organization installs varies, as do macOS installs.

Much (all?) of what you reference is not installed by default, though can be added.

As for the path alluded to, some versions of macOS Server do have /Library/WebServer/CGI-Executables/, but not much is found in that in the default macOS client install. Certainly not macOS client on recent versions. Conversely, macOS Server used /Library/WebServer extensively.

Web browser references to /cgi-bin/ are usually configured to reference the contents of /Library/WebServer/CGI-Executables/, as well.

Check Time Machine backups, if questions arise about when some component was added or changed, too.

macOS Server had a "powered by" shown by Apache in some contexts, as did at least some configurations with macOS client. Here's one older version of that client logo:

macOS Server and OS X Server IIRC included "Server" in their default displays. I don't have one of those OS X Server or macOS Server configuration images immediately handy.

Different versions had different displays, as well.

This is all fodder for discussions with legal counsel, and most of what you're reporting here is related to your Apple IDs and not (or not overtly, at least) involving macOS.

The following text is written generically, as I am unfamiliar with the issues being reported here, with the macOS configuration, with the reputed Apple ID hijacking(s), and with the particular Apple ID security in use here. You may well have multi-factor authentication enabled, for instance.

Nothing here so far indicates anything malicious has transpired with the unspecified macOS or OS X installation, and there's little detail provided here past suppositions and past allegations of Apple ID compromises.

Compromised Apple IDs can and do arise, and those usually separate from malware. Phishing, password re-use, shoulder surfing, there are various paths that can lead to compromise. Various folks still don't have MFA enabled on their Apple ID, as well—MFA provides a last-change means to block a compromised password leading to a compromised Apple ID.

• If you think your Apple ID has been compromised - Apple Support

If you are interested in learning about web-only iCloud accounts—this is an Apple ID with little storage allocated—start here:

• Web-only access to iCloud - Apple Support

For reviewing Apple ID account security, and for enabling MFA if that's not already in use:

• Personal Safety User Guide - Apple Support

There are far more requests for (free) forensics assistance than can be provided, as well. Most of these forensics requests will unfortunately have little or no corroborating evidence available, as well. Requests of "is this okay?" telemetry and logs and related details are not uncommon, and so far all I've encountered posted around here have contained nothing malicious.

And complicating any of these "have I been hacked?" discussions, proving a negative—conclusively proving no compromise—is usually impossible. If you think you've been hacked, erase and install and update to current, and change all passwords. No small effort, that. Trying to chase down all potential backdoors is less than easy and less than certain, and that's given direct system access.