The problem is that while SOAP::Lite is designed to limit SOAP calls to particular packages it fails to do it properly. As result this restriction can be bypassed and any Perl subroutine in any package can be called.

--
Ilya Martynov (http://martynov.org/)