It seems to me that if you allow DBI::do and DBI::connect, you'd just as well allow the whole DBI. Safe doesn't care about what's actually in the SQL statements anyway.

Safe is for restricting perl code. Not for restricting remote systems / processes that are accessible to that code.