http://www.perlmonks.org?node_id=812800


in reply to Avoid eval() / dynamic regular expressions

Just chiming in to quickly point out that eval'ing user-supplied input is, of course, a security risk. Even with regular expressions. Of course, you know your users and the level of trust you place in them. If your users are "the web", however, things could get hairy:

    # using the 'eval' feature of a substitution...
    $regex = "s/foo/system 'rm -rf /'/eg";

    # ... or even...
    $regex = "m/(?{ system 'rm -rf /' })/";

If you're coming from the web, you should be running under taint mode anyway, and Perl will stop you before you hurt yourself.

As far as further optimizations go, I think it would really depend on what your requirements are. If users are supposed to be able to supply any Perl regex they'd like, ikegami has given you a nice way to isolate the eval() and run it only once.
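
An added example, not part of the original post or of ikegami's reply: one way to accept a user-supplied pattern without string eval, so that neither the `/e` substitution flag nor a `(?{ ... })` code block from the input can run. The helper names `compile_user_regex` and `substitute_literal` and the sample inputs are hypothetical, constructed for illustration, with a harmless stand-in payload.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Compile a user-supplied pattern without string eval. Returns (qr, undef)
# on success or (undef, reason) on rejection. Hypothetical helper name.
sub compile_user_regex {
    my ($pattern, $flags) = @_;
    $flags = '' unless defined $flags;

    # Accept only match modifiers that cannot execute code. /e and /ee
    # belong to s/// and are never taken from the user.
    return (undef, "unsupported flags '$flags'\n")
        unless $flags =~ /\A[imsx]*\z/;

    # Block eval only traps the compile error; it does not run $pattern as
    # Perl. Because "use re 'eval'" is NOT in effect, an interpolated
    # (?{ ... }) or (??{ ... }) dies with "Eval-group not allowed at runtime".
    my $re = eval { qr/(?${flags}:$pattern)/ };
    return (undef, "rejected: $@") unless defined $re;
    return ($re, undef);
}

# The replacement is treated as a literal string: no /e, and a "$1" inside
# $replacement is not re-interpolated. Hypothetical helper name.
sub substitute_literal {
    my ($text, $re, $replacement) = @_;
    (my $out = $text) =~ s/$re/$replacement/g;
    return $out;
}

# Constructed inputs: one benign pattern, then a code block and an /e flag.
my @cases = (
    [ 'fo+',                       'i' ],
    [ '(?{ print "code ran\n" })', ''  ],
    [ 'foo',                       'e' ],
);

for my $case (@cases) {
    my ($re, $err) = compile_user_regex(@$case);
    if ($re) {
        print "ok: ", substitute_literal('FOO food', $re, 'bar'), "\n";
    }
    else {
        print "refused '$case->[0]': $err";
    }
}
```

This only removes the code-execution path; a pattern that compiles can still be expensive to match, so it does not replace taint mode or limits on what users may submit.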