kschwab, I have seen what you posted here: Encrypting Source Filter. Thanks!

It makes very clear what one has to do to achieve what I wanted, re: encryption and file contents eval. Also, by asking for a password to decrypt, it avoids saving the password in the file (like Module::Crypt does) which would be plain trivial to extract even without brute-forcing!

Based on your example, I will try to roll my own solution which will address one more concern I have: including (own) modules. All by specifying a single password. And also add a feature to load from net as well as from local file. I wanted to make the spec clearer in my mind before leaving an answer to your post.

On the other hand, I do not want to make too much noise out of this, maybe even placing this post was too much AFAIC, because I see code encryption like administrating hemlock for treating a very special case but can soon spread into mass hysteria.

The only weakness to this method is that one can attach to the script process and make a memory dump. With all modules loaded in memory, it would be easy to figure out the encrypted code and its structure. But if a hosting company takes such an effort to peek on my code then I would lick my wounds and put it on my CV!

bw, bliako

It's a trade-off between complexity and using short lifetime temp files. Even using a source filter to on-the-fly decrypt encrypted Perl source will leave traces of the unencrypted source on the target system. I don't know how much risk bliako is willing to tolerate.