Neither JSON::XS nor the natvie JSON parsers in Javascript execute Javascript code. They all (should) parse the text and reconstruct the data structure using a JSON parser, not the Javascript eval statement, exactly for the reason of not allowing easy Javascript code execution within the page context.

The web application should support that by sending the appropriate content type - which is application/json, at least according to RFC 4627.

Using JSONP sacrifices that security for the convenience of circumventing the same origin policy.