I test extensively with embedding (compiling to C) across all versions and most OS for a commercial environment on the net.

5.6.2 with hardened hashes is the best, memory efficient and speed wise. I know of no leaks. I posted my hash patch to p5p some year ago.

The 2nd best is 5.14.4 but it has the mandatory unicode and warnings/Carp overhead. regex cannot exhaust the stack since 5.10 but anything between 5.10.0 and 5.14.4 is not recommended.
I don't have the hash patch for 5.8 which would be needed for 5.8.2 - 5.8.9 (5.8.1 is fine, but then 5.6.2 is better)

I would also strongly recommend against 5.16 or 5.18 for security and maturity reasons, and 5.16 is very half-baked in handling binary names. 5.18.2 still not good enough to be trusted in the wild and hashes are slower.

5.20.0 is a bit better. It tests now at least against rogue syscalls, but still not against binary names, unicode is taking too much time and memory and random hash seeds got more secure but slower.

I wouldn't trust perlpolicy too much as p5p doesn't even understand the simpliest security concepts needed in the commercial environment and does nothing against them. They usually need to year to get it. And they are not too familiar with the code they are supporting. Their release schedule is fixed, so you cannot trust numbers, you can only trust stability, which needs a few major versions.

So:

1. 5.14.4
2. 5.6.2
3. 5.20.0

perlbrew and perlall apply the needed patches to build, perlall also has some more patches to help embedding with --allpatches. --patches=Asan against buffer overflows and --patches=Compiler to help perlcc for better embedding code.