Well the problem with the original code is obvious. The open invokes a subshell, which means that a shell reads the code. What happens if the subshell includes something like this:

' `rm -rf /`
[download]

Then the subshell would cheerfully try to produce two arguments for the child, with the second subshell being the output of...oops. :-)

As for the second example that they give. In open they say that opening "-|" or "|-" does an implicit fork with the parent process getting the pid of the child, and the child getting 0. So if you try to do that and get an undefined pid, well something went wrong. And if you did that and got a true pid, then you are the parent. But if you did that and got 0 then you are the child and need to do something else. Like call exec to become someone else without using the shell.

Of course all of this is rather verbose and complicated. It is far simpler to accomplish the task using IPC::Open2 or IPC::Open3. Here is (tested code) with IPC::Open3:

use IPC::Open3;
# Time passes.

my $pid = open3("<&STDIN", \*PIPE, ">&STDERR", $figlet, $str)
  or die "Cannot run '$figlet' with argument '$str': $!";
print <PIPE>;  # Whatever you want here
[download]

I have seen IPC::Open3 work on Windows with 5.005, so this snippet is probably pretty portable.

Oh, you may want to glance at wait and waitpid if you are concerned about the possibility of creating zombies. That happens when the child dies and is left in a state where the process exists and cannot finish expiring until it tells you how it died. But you, the thoughtless parent, are refusing to listen and so keep it on in a strange half-life... :-)