How far do you want to go to limit unauthorized access to the internals? Without even const or public/private stuff like C++, the stated policy is to not provide that kind of compile-time checking but to let everyone play nice. There is always raw pointers and Devel::Peek, if it comes to that.

In general, you need to publish and stick to a well-defined interface. If someone goes around that, then all bets are off.

Personally, I want checking like we get with variables and "use strict". But since that's for my own benifit, not to prevent dirty tricks, it's acceptible to have away around it as long as it's not something that's easily done by accident.