it's better to compromise the webserver with mod_perl than compromising your entire server with, say, PHP

While I mostly agree with your points, this one misses the intent of the mention of mod_perl's shortcomings, I think. First, there's the fact that while PHP can make it easier for a malevolent security cracker to screw things up with malice aforethought, mod_perl can make it easier for a clueless webhosting customer to screw things up accidentally. Second, whether PHP or mod_perl is the greater risk, it's the risk factor of mod_perl as perceived by the webhosting providers that creates a problem with ease of Perl use for web development, not its actual imposed risks, because that perception induces webhosting service providers to disallow it. It may well be true that mod_perl is a safer option than PHP, but if it's not available to someone that needs to do some web programming, that would-be Perlist will instead become a PHP scripter or Pythonista if PHP and/or Python are more accessible.