The expression $var = ";rm -rf /*;"; is an example of dangerous input - if this was passed to 'system', the ';' would mark the end of the previous command, and then system would execute the 'rm' command.

The qr/[^A-Za-z0-9._-\]/; expression creates a compiled regex - a variable with regex expressions in it that is 'ready to be used' in another regex.
Note that the character class [^...] starts with a 'hat'. This reverses the class so that it refers to all characters except the ones in the class. So actually the expression says "$var minus anything that ISN'T that lot.
This is often confusing I know, as the 'hat' is also used as an start-string anchor, but you get used to it :).