Do bear in mind that Perl can execute bits of code as it's compiling,
so if a bit of code is untrustworthy, you shouldn't be compiling it
in the first place, unless you've prescanned it to reject C<use>,
C<BEGIN>, and other macro definitions, or (more usefully) have hooks
in the compiler to catch and validate those bits of code before
running them.  Doesn't do you much good to disallow

    eval 'system "rm -rf /"';

at run time if you don't also catch

    BEGIN { system "rm -rf /"; }

at compile time...

(Sorry if I'm just pointing out the obvious.)

Larry

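An added illustration of the point in the message above (not part of the original email): compiling a snippet without ever calling it still runs its C<BEGIN> block, so a check has to happen before compilation. The helper names `compile_only` and `prescan` and the sample snippet are assumptions made for this example, and `no` is included in the scan as the compile-time counterpart of `use`.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample input standing in for an untrusted snippet. The BEGIN
# block only sets a flag, so its execution is observable and harmless.
our $ran_at_compile_time = 0;
my $untrusted = <<'SRC';
BEGIN { $main::ran_at_compile_time = 1 }
print "body executed\n";
SRC

# compile_only (hypothetical helper): wrap the source in an anonymous sub so
# that eval compiles it, but the resulting body is never called.
sub compile_only {
    my ($src) = @_;
    my $code = eval "sub {\n$src\n}";
    return defined $code ? 1 : 0;
}

# prescan (hypothetical helper): coarse, fail-closed check for the constructs
# the message names. It matches the bare words anywhere, including inside
# strings and comments, so it over-rejects; it is not a Perl parser and is
# not a complete filter.
sub prescan {
    my ($src) = @_;
    return $src =~ /\b(?:BEGIN|use|no)\b/ ? 0 : 1;
}

# A gate that scans before compiling would stop here.
print "prescan verdict: ", (prescan($untrusted) ? "accept" : "reject"), "\n";

# What happens when the snippet is compiled anyway: the sub body never runs
# ("body executed" is not printed), yet the BEGIN block has already fired.
my $compiled = compile_only($untrusted);
print "compiled cleanly: ", ($compiled ? "yes" : "no"), "\n";
print "BEGIN ran during compilation: ",
    ($ran_at_compile_time ? "yes" : "no"), "\n";
```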