He controls the source of his program, but perhaps he doesn't have complete control over the contents of the data file. If it's not from a trusted source then running it through require would execute any code contained therein and wouldn't be a good idea.
| [reply] [d/l] |
So basically you have a program running with extended privs that can possibly load files from unwanted locations.
Sounds like you have issues controlling access to your runtime environment. You have bigger issues. If you are running a perl program as root and are concerned about joe user messing with it, you have a system wide security problem. If you are instead concerned about someone taking your software and shooting themselves in the foot because they wrote some (though not malicious) code in their own config file that accidentally did something stupid, get used to the Unix idiom -- if they shoot themselves in the foot, that's their problem for not reading the directions or playing with something they shouldn't.
Meanwhile, clueless users can be defeated with YAML or XML::Simple or INI/Apache style config files.
| [reply] |
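The data-only approach suggested above (an INI-style file instead of one loaded with require), as an added example that is not part of any post in this thread. The key names, value patterns and sample lines are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Keys this program accepts and the shape each value must have (hypothetical names).
my %ALLOWED = (
    log_dir  => qr{\A/[\w./-]+\z},
    workers  => qr/\A\d{1,3}\z/,
    hostname => qr/\A[A-Za-z0-9.-]+\z/,
);

# Parse "key = value" lines as data only; nothing in the file is ever evaluated.
sub parse_config {
    my ($fh) = @_;
    my (%conf, @rejected);
    while (my $line = <$fh>) {
        chomp $line;
        next if $line =~ /\A\s*(?:[#;].*)?\z/;    # blank line or comment
        my ($key, $value) = $line =~ /\A\s*(\w+)\s*=\s*(.*?)\s*\z/;
        if (!defined $key || !exists $ALLOWED{$key} || $value !~ $ALLOWED{$key}) {
            push @rejected, "line $.: $line";     # unknown key, bad value or not key=value
            next;
        }
        $conf{$key} = $value;
    }
    return (\%conf, \@rejected);
}

# Constructed sample input. The last line is Perl that require would run;
# to this parser it is only a line that is not "key = value".
my $sample = <<'END';
# service settings
log_dir = /var/log/myapp
workers = 4
hostname = app01.example.com
colour = blue
print "this line is code\n";
END

open my $fh, '<', \$sample or die "cannot open in-memory file: $!";
my ($conf, $rejected) = parse_config($fh);
close $fh;

print "$_ = $conf->{$_}\n" for sort keys %$conf;
print "rejected $_\n" for @$rejected;
```

The three allowed keys are accepted; the unknown key and the line of Perl are reported as rejected and never executed.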
That's a lot of ifs (and still, not more insecure than, say, running perl -MCPAN -e'make "some package"'). And the OP's first paragraph suggests he's writing the config files himself.
| [reply] |