Well, uhm I more or less wrote Filter::CBC for that purpose... or was it to hide my lack of comments? Actually, Paul Marquess already included a simple encryption source filter with Filter::Util::Call.

To clear things up, YES it can be done... in fact, YES, it has been done. You don't HAVE to provide the key since a few lines in a BEGIN block can query the user for the passphrase, instantiate a CGI session or whatever you want to do. I did a talk on source filters in general (at YAPC::Eu 2.00.1) which, among other things, explained how Filter::CBC works.

Greetz
Beatnik
...Perl is like sex: if you're doing it wrong, there's no fun to it.