CPAN isn't without it's examples of releases containing bad/dangerous security practices. With any unmoderated repository this is going to be an issue.