Follow-up story. I inherited a code base—for a financial website no less—with scads of string-building SQL handling like this. It was a dangerously insecure mess. I wanted to refactor, rather than extend and muddy it even more, with DBIx::Class, but it wasn't installed and, as a contractor, I couldn't do it or even get a request answered. I noticed that SQL::Abstract was already there. But then I had the same, fairly wise, hesitancy you do. I was almost guaranteed to break a money-making app and maybe get my contract cancelled if I started attempting to introduce better practices at the expense of a working app.
So, I started finishing the tests I'd been writing, focusing on testing the SQL-generating routines. When I had complete coverage, which did not take long, I started to refactor with SQL::Abstract. A couple days later it was all done. I did indeed break several things at first and misunderstood a few parts, so my new code was wrong, but the tests told me my mistakes. It went into production a week or so after I started without any problems at all.
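The workflow described in the post above, as an added example that is not part of the original post or the poster's code: pin a string-building routine with a test, then check that an SQL::Abstract replacement keeps the value out of the statement text. The table, columns, routine names and sample value are hypothetical and constructed for illustration.

```perl
use strict;
use warnings;
use Test::More;
use SQL::Abstract;

# Hypothetical legacy routine (the "before"): SQL built by string interpolation.
sub legacy_account_sql {
    my ($owner, $min) = @_;
    return "SELECT id, balance FROM accounts "
         . "WHERE owner = '$owner' AND balance >= $min";
}

# Refactored routine: SQL::Abstract returns a statement with placeholders
# plus a separate list of bind values to hand to DBI.
my $sqla = SQL::Abstract->new;

sub account_query {
    my ($owner, $min) = @_;
    return $sqla->select(
        'accounts',
        [qw(id balance)],
        { owner => $owner, balance => { '>=' => $min } },
    );
}

# Constructed sample input: an ordinary value that contains a quote character.
my $owner = "O'Brien";

# Characterization test: the legacy routine puts the raw value into the
# statement text, so the quote in the value changes the SQL itself.
like legacy_account_sql($owner, 100), qr/owner = 'O'Brien'/,
    'legacy routine interpolates the value into the SQL text';

# Tests for the refactor: same table and columns, value only in the bind list.
my ($stmt, @bind) = account_query($owner, 100);

like   $stmt, qr/^SELECT\s+id,\s*balance\s+FROM\s+accounts\s+WHERE/i,
    'refactored statement selects the same columns from the same table';
unlike $stmt, qr/O'Brien/, 'value does not appear in the statement text';
is scalar( () = $stmt =~ /\?/g ), 2, 'one placeholder per condition';
is_deeply [ sort @bind ], [ sort '100', $owner ],
    'values are returned separately as bind parameters';

done_testing;
```

The statement and bind list go to DBI as `$dbh->prepare($stmt)` followed by `$sth->execute(@bind)`.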