why, exactly, would one wish to XOR the source code with a string?
I don't know how the internals of PerlApp works. There might be a technical reason for it being XOR, or it might be a hold-over from a previous version that tried to hide source code. But at this point, it doesn't matter...ActiveState's stated intent is not security, but a packaging tool in the present incarnation of PerlApp. Not that it will be like that forever, but it seems like a window of opportunity to figure out how it works and possibly replicate a free version.
Truthfully, I haven't investigated the perl2exe from indigoperl claims of source code protection. The point seems moot because it isn't true as the above discussions point out. IP, in that case, is protected more by threat of lawsuit than technical reasons. PerlEx, the ActiveState product that's like mod_perl for Windows platform web servers. And that is an odd statement about encryption on the product web page.
My apologies for coming off a little over the top, I just couldn't understand what was being said. I consider myself more enlightened at this point, thanks to Ovid.