I should probably think about what the class is meant to achieve a bit more... at the moment, it probably does a decent job of guarding against accidental privacy violations. But there are several ways to get round it if you really want to. Some of them could be avoided by more use of file-scoped closures (and putting all 3 classes in one big file). But the fundamental one:

package Foo;
use Class::Privacy;
#...

package Cracker;
my $f = new Foo;
CORE::bless $f, 'Foo';
$f->_violate_privacy; # works
[download]

... seems very hard to get round. (Note that this still protects $f from data violation, because the underlying hash/array/whatever is still a tied proxy.)

Unless there is a way to protect the object from reblessing, Class::Privacy can't really provide guaranteed privacy, and should probably be called Class::Encapsulation or something. One strategy might be to ensure that data calls always come via Foo from MethodProxy, but that doesn't protect you for methods like:

sub _explode {
 die 'I decided to blow up';
}
[download]

dave hj~