A few weeks ago, MikeTaylor asked a similar question. Choroba's answer, Re^6: Regexp substitution using variables, explained the security risk. You really should 'untaint' (taint mode) your patterns and substitution, limiting them to substitutions that you expect.
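
One way to do the untainting suggested above, as an added example that is not part of the original post. The allowlist (letters, digits, underscore, space, dot and hyphen, at most 64 characters) and the sub names `untaint_literal` and `safe_substitute` are assumptions chosen for illustration; run it with `perl -T`.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

# Hypothetical allowlist: only these characters, between $min and 64 of them.
# A successful capture is how Perl untaints data, so the character class
# must be as narrow as the substitutions you actually expect.
sub untaint_literal {
    my ($input, $min) = @_;
    return undef unless defined $input;
    return $input =~ /\A([A-Za-z0-9_ .-]{$min,64})\z/ ? $1 : undef;
}

sub safe_substitute {
    my ($text, $search, $replace) = @_;
    my $s = untaint_literal($search, 1);    # search text must be non-empty
    my $r = untaint_literal($replace, 0);   # replacement may be empty
    die "rejected search text\n"      unless defined $s;
    die "rejected replacement text\n" unless defined $r;

    # \Q...\E makes the search text match literally, so regex
    # metacharacters in it have no effect. The replacement is
    # interpolated once as a plain string: no /e, no /ee, no eval.
    (my $out = $text) =~ s/\Q$s\E/$r/g;
    return $out;
}

# Constructed sample input. In a real script the search and replacement
# would come from @ARGV, a form field or a file and be tainted under -T.
my @cases = (
    [ 'foo.bar fooXbar', 'foo.bar', 'baz' ],   # literal dot, allowed characters
    [ 'foo.bar fooXbar', '(.*)',    'baz' ],   # metacharacters outside the allowlist
    [ 'foo.bar fooXbar', 'foo',     '$1'  ],   # '$' is outside the allowlist
);

for my $case (@cases) {
    my $out = eval { safe_substitute(@$case) };
    print defined $out ? "ok: $out\n" : "refused: $@";
}
```

If the text being edited is itself tainted, the result stays tainted; only the search and replacement strings are cleared here.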