in reply to Blatant security problem in certain CPAN module installs
My strategy for installing perl modules is to never do so as root, and to never modify /usr/bin/perl. I think that this strategy has now been vindicated!
You know, the danger doesn't lie during the perl Makefile.PL && make && make test && make install phase.
It's easy to set up a perl-admin user and install perl, and perl modules, under that UID. Sure, the user can wipe out the Perl installation, but that's reasonably quickly restored.
The danger lies when the installed modules actually get used - then they might run as privileged users, users that have access to valuable data or services, or whatever.
Of course, that's a well-known problem, and not at all Perl-specific.