In general seperating concerns (your second aproach) is the appropriate way to do this--what makes mod_perl so cool is that you can hook into different phases of the Apache process! (ie. you can validate input, use access control, authenticate, and authorize all in distinct modules.) However, the appropriate approach is determined also by the current state of your code. For instance, if you are using AuthenHandlers, then use an AuthzHandler; however, if you're migrating your code (and using Apache::PerlRun or the like) then I wouldn't worry about seperating concerns.

Moreover, it depends on how concerned you are with speed; with regards to your final solution, I agree that restarting Apache so often may not be the best aproach--however, perhaps, if you put PerlCode into the Apache config file you could somehow finagle something? For instance, by having a requires statement that calls code, like what's in the Mod_perl book. I'm not exactly sure if this aproach would work, so somebody more experienced with the language should feel free to pipe up!