the originating IP address is also uploaded.

Not necessarily, but for this discussion, let's assume direct connections.

You can sometimes discover who owns this machine, starting with the IP.

I can do the same by scanning networks. Why would I wait for you to install my module? :)

Ah, I know an exploit for perl 5.x.x. I'll bang on this IP to get root privleges.

Perl is not a netwok service and network services written in Perl can usually not be identified as such.

What? He's still using a 2.2 kernel? Wait till the chat forum hears about this! This fellow is using linux? I bet he'd be a good addition to the targetted list I am selling to Microsoft

Unrelated to the module installation.

decrease security

If you really think connecting to another host and thereby letting the other party know your IP address decreases security, please DISCONNECT IMMEDIATELY! THE WEB IS A DANGEROUS PLACE!

sometimes in an unattended fashion.

That's their fault. They shouldn't do that. Those who choose to do so take enormous risks already. They already implicitly agree to whatever license the module has, as not every module has the same license.