in reply to Re^2: Malicious module on CPAN
in thread Malicious module on CPAN

Maybe your reasoning for failing to actually explain how works (which is what would actually be used) is because it's probably easy enough to follow anyways and thus doesn't need any explanation.
Yeah, the live code botstraps "AutoLoad" instead of "RCX", and once the code evaluates, it fetches the real Module::AutoLoad, which is much easier to understand and uses MetaCPAN v1 API.