You ask about a very specific Perl problem, but I am dubious about the application you are trying to achieve.
Secure and Unsecure Passwords
What is this situation where you have clear-text passwords? Do you consider this a secure situation?
- If you are dealing with passwords, it's much better to store the encoded version than the cleartext version. That makes it harder for someone who obtains access to the file/DB to steal passwords.
- Secure encryption methods involve some form of randomization, commonly referred to as salt. Without salt, BadGuy can encrypt bad_pw and compare the encrypted form with your list of passwords. A match means someone was using bad_pw as their password. With salt, which can take on, say, one of a thousand values, BadGuy needs to encrypt each potential password a thousand times to determine whether it appears in your list, slowing him down.
- Prevent people from accessing the encrypted passwords. Someone who has the list of encrypted passwords on his own machine can try hundreds or thousands of common passwords a second against the list. Unsuccessful attempts to log in to your machine should invoke a one second delay. This inconveniences users only minimally, but prevents villains from testing more than 3600 passwords an hour, 86400 passwords a day. Of course, they could use several machines to test passwords, so you'll need to detect such distributed attacks and limit the number of threads which will respond.
Monitoring Passwords
Depending on the situation, it's good to test passwords for a certain standard, at the time the user wants to set his/her password. Check for common words, variations on the user's account name, etc. But testing should be appropriate to the circumstance in which it is used. If you are running a bank, it's suitable to insist users have secure passwords which are changed regularly. If you are providing a pay web site, the only problem with someone hacking a customer's login is that they are obtaining free access to your service. But the odds are they will distribute that login information, and you'll detect the site slowing down as hundreds of users connect, at which point you can disable that account to protect your site. The customer will eventually be in touch, at which point he can receive the standard lecture on insecure passwords.
--
TTTATCGGTCGTTATATAGATGTTTGCA
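The salt and login-delay points in the reply above, as an added worked example that is not part of the original post. It is in Python rather than Perl so it can be run as-is; the usernames and passwords are constructed for the example, and PBKDF2-HMAC-SHA256 with a random 16-byte salt stands in for the poster's "encrypt with one of a thousand salts" (that choice, and the 100,000-iteration work factor, are assumptions of this example, not something the post specifies). It shows why a single hash of `bad_pw` finds every user of that password in an unsalted list, why a salted list forces one hash per entry, and how a login routine applies the one-second delay on failure.

```python
import hashlib
import hmac
import os
import time

# Constructed sample accounts (not real data): two users share a weak password.
USERS = {"alice": "correct horse", "bob": "bad_pw", "carol": "bad_pw"}

# Assumption of this example: PBKDF2-HMAC-SHA256 with this work factor.
ITERATIONS = 100_000
SALT_BYTES = 16


def unsalted(pw):
    """Plain hash with no salt: identical passwords give identical digests."""
    return hashlib.sha256(pw.encode()).hexdigest()


def salted(pw, salt, iterations=ITERATIONS):
    """Per-user salted, slow hash: identical passwords give different digests."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)


def store_unsalted(users):
    return {u: unsalted(p) for u, p in users.items()}


def store_salted(users):
    """Each record keeps its own random salt next to the digest."""
    db = {}
    for u, p in users.items():
        salt = os.urandom(SALT_BYTES)
        db[u] = (salt, salted(p, salt))
    return db


def attack_unsalted(db, guess):
    """BadGuy hashes the guess once and compares against the whole list.
    Returns (matching users, number of hash computations)."""
    h = unsalted(guess)
    hits = [u for u, stored in db.items() if stored == h]
    return hits, 1


def attack_salted(db, guess):
    """With salts, the guess must be rehashed for every entry: the cost
    grows with the size of the list instead of staying constant."""
    hits, work = [], 0
    for u, (salt, stored) in db.items():
        work += 1
        if hmac.compare_digest(salted(guess, salt), stored):
            hits.append(u)
    return hits, work


def verify(db, user, pw):
    """Constant-time comparison of the recomputed digest with the stored one."""
    rec = db.get(user)
    if rec is None:
        return False
    salt, stored = rec
    return hmac.compare_digest(salted(pw, salt), stored)


def login(db, user, pw, delay=time.sleep):
    """Online login check: every failure costs the caller one second, which
    caps a single attacker at 3600 guesses an hour against this service.
    `delay` is injectable so the behaviour can be tested without sleeping."""
    ok = verify(db, user, pw)
    if not ok:
        delay(1.0)
    return ok


if __name__ == "__main__":
    plain_db = store_unsalted(USERS)
    salted_db = store_salted(USERS)
    print("unsalted:", attack_unsalted(plain_db, "bad_pw"))
    print("salted:  ", attack_salted(salted_db, "bad_pw"))
    print("alice ok:", login(salted_db, "alice", "correct horse"))
```

Against the unsalted store one SHA-256 of `bad_pw` exposes both bob and carol; against the salted store the same guess costs one PBKDF2 run per record, and the per-record work factor multiplies that again. The online `login` path adds the one-second penalty independently of how the passwords are stored, which is the second half of the poster's advice.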