in reply to Re^2: user supplied regex substitution
in thread user supplied regex substitution
Yes, that's where I began to learn how hard it is to safely accept user-supplied regexes, and it started as an experiment in that regard. :)
The tester uses Safe and some heuristics to reduce the vulnerability to introspection of globals and special variables. It uses Sys::SigAction to time out long-running regexes (and consequently, has a tendency to segfault from time to time), looks for a few common "bad player" type regexes... and still isn't safe. But it runs in a little Heroku world, and when it does get cranky its scope is limited.
Dave
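
One way to apply the timeout and the bad-pattern check described above, as an added example that is not the tester's own code: the helper name `guarded_match`, the 2-second budget and the sample patterns are assumptions. It covers only the Sys::SigAction timeout and one heuristic, not the Safe compartment.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Sys::SigAction qw(timeout_call);

# Hypothetical helper (not from the post): match a user-supplied pattern
# against $text, giving up after $seconds.
sub guarded_match {
    my ($pattern, $text, $seconds) = @_;

    # Heuristic: refuse embedded-code constructs (?{ ... }) and (??{ ... }).
    # Perl also rejects them in interpolated patterns unless
    # "use re 'eval'" is in effect, so never enable that here.
    return { status => 'rejected' } if $pattern =~ /\(\?\??\{/;

    # Compile inside eval so a syntax error is reported instead of fatal.
    my $re = eval { qr/$pattern/ };
    return { status => 'invalid', error => $@ } unless defined $re;

    # timeout_call returns true when the code was cut off by the alarm.
    # Its handler is installed through POSIX sigaction and can interrupt
    # the regex engine mid-match, so treat the process as suspect after a
    # timeout (one match per short-lived worker is the safer layout).
    my $matched = 0;
    my $timed_out = timeout_call($seconds, sub {
        $matched = ($text =~ $re) ? 1 : 0;
    });
    return { status => 'timeout' } if $timed_out;
    return { status => 'ok', matched => $matched };
}

# Constructed sample inputs: a plain pattern, a syntax error, an
# embedded-code attempt, and nested repetition (whether the last one
# exhausts the budget depends on the perl build).
my $text = ('a' x 40) . '!';
for my $pattern ('^a+!$', '(abc', '(?{ print 1 })', '^(a|aa)+$') {
    my $result = guarded_match($pattern, $text, 2);
    printf "%-16s %s\n", $pattern, $result->{status};
}
```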