Perhaps it has something to do with the issue discussed at CGI Security and the null byte problem? Basically, that node says that if you let a null byte (%00) hit a shell, when it gets passed through the C underpinnings of Perl, the C ignores everything after it (since strings in C are null terminated).
in reply to %00 causes server error
Maybe Perlmonks ignores any URI with a null byte in it for that security reason? Although, I imagine that the E2 code is well written enough that it wouldn't be very easy to hit the shell with user input.