Well, if we want to be really careful about checking what $code is going to do, why not do some more analysis of its content:

my $codeBegin = "";
if ( $code =~ /BEGIN\s*\{/ ) {
  # tricky part here: try to locate the matching close brace
  # (this would require parsing character-by-character, to
  # handle various quote operators and escapes -- a worthwhile
  # project for a module developer, not something I can do here).
  # check that part separately, assign it to $codeBegin and
  # delete it from $code;
}
# now check whatever's left in $code, and if everything's
# okay, then:
eval "$codeBegin $code";
[download]

But would we also have to check separately for an END{} block?