in reply to Re: Blatant security problem in certain CPAN module installs
in thread Blatant security problem in certain CPAN module installs
I think the point of checking is that you can't know what code was run when the module was installed (it could have installed a backdoor, whatever). And for some people that is an unacceptable risk, and they will want to know whether they installed any of the above modules, so that they make take appropriate action.
The Makefile.PL-fetched code gets called only once at the end of the make (assuming that it is the only place the code is called).