this is not Perl-specific, but i would just set up your installation to use public-key based authentication instead of password authentication.

then, you can either set a null passphrase on your private key and trust OS level security to keep your key private, or use the authentication agent (ssh-agent) and enter your passphrase before invoking the Perl utility that uses SCP.

you may be able to use Expect.pm to do password based SCP, but it's probably way more trouble than it's worth (at least according to me).