I don't think there's a way to avoid the perllocal.pod bit (if there is, somebody tell me!) The real lesson here is: don't build RPMs as root if you want to make sure nothing on the system will be modified by the build.
Even if that was modified, it shouldn't show up in the list of "unpackaged files" unless the build root was set to /. A check of files in /usr/lib/rpm suggests that it's not set by default, so unless the spec file suggests a default, you can hose the live system. It looks like spamassassin.spec sets it to /var/tmp/spamassassin-root which should be safe, so I don't see how a file in /usr/lib/perl5 is getting inspected.
