Do bear in mind that Perl can execute bits of code as it's compiling, so if a bit of code is untrustworthy, you shouldn't be compiling it in the first place, unless you've prescanned it to reject C<use>, C<BEGIN>, and other macro definitions, or (more usefully) have hooks in the compiler to catch and validate those bits of code before running them. Doesn't do you much good to disallow
eval 'system "rm -rf /"'; at run time if you don't also catch BEGIN { system "rm -rf /"; } at compile time... (Sorry if I'm just pointing out the obvious.) Larry