Do you follow millions of lemmings jumping of the cliff just because "everyone's doin' it"?
I do not think that using an unlimited Perl parser as a configuration file parser is a good idea. On properly administrated Unix systems, the critical configuration files of CPAN and CPANPLUS should be writeable only for root. So if one can manipulate those files, perl and CPAN/CPANPLUS are your least problem.
On a typical Windows system with, for example, Strawberry Perl, EVERY user including the guest account can change the configuration files.
JSON, classic INI files, YAML, and even XML do not have this security problem. A malicious user can modify those files, make the application break, but he will not be able to run arbitary code (unless there's another bug in the application or one of the libraries used).
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)