in reply to Production Environments and "Foreign" Code
Any CPAN module worth installing is (at the least) going to run a few basic tests before it is installed. You can add your own tests if you want (usually just a matter of adding a script in the t/ subdirectory of the module). You can audit the code if you want--a tedious task, but a far better use of expensive programmer time than rewriting it. Something as popular as an XML parser is going to be widely used and tested, so you may not even bother.
If your employeer still wants it rewritten, I'd just give up and go along with it. It's their money to waste. I suggest documenting all your suggestions before hand, so that when (almost certainly not 'if') the whole project turns into a stinking mess and management is looking for someone to blame, you have something to point at.
Reinvent a rounder wheel.
Note: All code is untested, unless otherwise stated