You have CGI scripts running on production which use CGI::Carp? Bad idea. If someone finds a security flaw in your script, this will give them debugging information as they explore the breakage into an attack on your script.

I strongly recommend finding a way to conditionally decide not to use CGI::Carp. Such as loading it at runtime, or doing as perrin suggested.