The Java plugin doesn't just prohibit access to the local file system, the standard library has a very sophisticated mechanism of permissions in the java.security.* package. This allows for very fine-grained permissions that can be set via properties. I've actually used the latter to run students' code on my machine ;) This all goes down into the JVM which is aware of these permissions.
To make a Perl plugin would probably mean a lot of work to build a perl interpreter that would support some kind of nontrivial security model.
Just my 2 cents, -gjb-