in reply to Installing and securing server
The reason that PHP is often put into Safe Mode in multi-host webservers is that PHP is often embedded into the web server (it doesn't have to be, as PHP scripts can be run in a CGI environment, but it usually is). This means that all PHP scripts run with the permission that the web server runs as. So your PHP scripts then have the ability to do anything that your webserver has permission to do. And since all PHP scripts across all the websites run as the same user, you would have the ability to change any files that were writable by the webserver, and to read any code that other users have put on their websites (i.e. to look for database passwords and such in other PHP programs).
In a shared environment, Perl is usually only available through CGI programs. Most webservers allow you to run CGI scripts as a different user for every website. In Apache this is done through the suexec module (I don't know IIS so you will have to look that up). Since in this case all scripts run as their own user, they can only read and change files that they have permissions for. This makes it much more secure. Perl can also be run as part of the webserver using mod_perl, and in that case it suffers from the same security concerns that PHP does.
Of course if you let a user execute a program on your server, they can look at any world-readable file on the system and write to any world-writable file, so you will need to make sure that your system is sufficiently secured (again on Windows I am not sure how to help you, and that is a topic beyond this forum regardless). Also, your users will be able to do nasty things like run programs that suck up all your CPU (either maliciously, or through silly programming errors), or they could fill up your disk with junk, bringing your server to its knees. There are many ways to protect yourself against these things that you should probably look into.
Also, you should know that this isn't a specific problem with Perl. Any programming language will suffer from these issues, unless you run them in some sort of a sandbox where the user is limited in what they can see and/or do.
- Cees
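The permission difference the post describes, worked through as an added example (this is editor-supplied code, not something the post's author wrote). It models plain POSIX mode bits for two constructed sites, `alice` and `bob`, under `/var/www/<site>/config.php`; the uids (33 for the web server user, 1001 and 1002 for the site owners), the 0640/0600 modes and the `/etc/passwd` entry are all assumptions chosen to illustrate the point. `mod_php_scenario` runs every site's scripts as the web server user, `suexec_scenario` runs each site's scripts as its own owner, and `audit_real_tree` is a small helper that applies the same read check to a real directory.

```python
"""Added example (not from the original post): who can read whose config.php under mod_php vs suexec."""
import os
import stat
import tempfile
from collections import namedtuple

Entry = namedtuple("Entry", "path uid gid mode is_dir")  # mode holds permission bits only
WWW, ALICE, BOB = 33, 1001, 1002  # constructed uids: web server user and two site owners
_MASK = {"r": (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH), "x": (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH)}

def has_perm(entry, uid, groups, perm):
    """POSIX class selection: owner bits if the uid matches, else group bits if any
    caller group matches, else the 'other' bits. Root bypasses the check entirely."""
    usr, grp, oth = _MASK[perm]
    if uid == 0:
        return True
    if entry.uid == uid:
        return bool(entry.mode & usr)
    if entry.gid in groups:
        return bool(entry.mode & grp)
    return bool(entry.mode & oth)

def can_open_for_read(tree, path, uid, groups):
    """Reading needs 'r' on the file and 'x' (search) on every directory on the way
    down; a single 0700 directory hides its whole subtree. tree maps paths to Entry."""
    parts = path.strip("/").split("/")
    prefix = ""
    for part in parts[:-1]:
        prefix += "/" + part
        d = tree[prefix]
        if not d.is_dir or not has_perm(d, uid, groups, "x"):
            return False
    return has_perm(tree[path], uid, groups, "r")

def sample_tree(per_site_users):
    """Constructed docroot. per_site_users=False is the layout mod_php forces: config.php
    must be readable by the server's group (0640, group www-data) or the site's own
    scripts could not open it. per_site_users=True is what suexec allows: 0600, owner only."""
    tree = {
        "/var": Entry("/var", 0, 0, 0o755, True),
        "/var/www": Entry("/var/www", 0, 0, 0o755, True),
        "/etc": Entry("/etc", 0, 0, 0o755, True),
        "/etc/passwd": Entry("/etc/passwd", 0, 0, 0o644, False),  # world-readable, as on any host
    }
    for site, uid in (("alice", ALICE), ("bob", BOB)):
        d = "/var/www/" + site
        tree[d] = Entry(d, uid, uid, 0o711, True)  # searchable, not listable
        cfg = d + "/config.php"
        tree[cfg] = (Entry(cfg, uid, uid, 0o600, False) if per_site_users
                     else Entry(cfg, uid, WWW, 0o640, False))
    return tree

def cross_site_reads(tree, run_as):
    """For each site's config.php, the other sites whose scripts can read it; run_as maps site -> (uid, groups)."""
    result = {}
    for victim in run_as:
        secret = "/var/www/%s/config.php" % victim
        result[secret] = sorted(
            s for s, (uid, groups) in run_as.items()
            if s != victim and can_open_for_read(tree, secret, uid, groups))
    return result

def mod_php_scenario():
    """Embedded interpreter: every site's scripts run as the web server user."""
    run_as = {"alice": (WWW, {WWW}), "bob": (WWW, {WWW})}
    return cross_site_reads(sample_tree(per_site_users=False), run_as)

def suexec_scenario():
    """CGI under suexec: each site's scripts run as that site's own user."""
    run_as = {"alice": (ALICE, {ALICE}), "bob": (BOB, {BOB})}
    return cross_site_reads(sample_tree(per_site_users=True), run_as)

def audit_real_tree(root, uid, groups):
    """Walk a real directory and return the regular files the given uid could read by
    their own mode bits (directory search bits are not re-checked here). Run as root
    with uid=www-data on the shared host to see what any mod_php script can reach."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            try:
                st = os.lstat(p)
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode):
                e = Entry(p, st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode), False)
                if has_perm(e, uid, groups, "r"):
                    found.append(p)
    return found

def audit_demo():
    """Drop a 0600 file in a temp dir; return (owner_sees_it, stranger_sees_it)."""
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "config.php")
        open(p, "w").close()
        os.chmod(p, 0o600)
        return (p in audit_real_tree(d, os.getuid(), {os.getgid()}),
                p in audit_real_tree(d, os.getuid() + 1, set()))
```

Under the mod_php layout each site's `config.php` is readable by the other site's scripts, because both run as uid 33 and the file has to be group-readable by that uid for the owning site to work at all; under the suexec layout the same query returns nothing, while `/etc/passwd` stays readable in both, which is the point of the world-readable warning above. In Apache the `run_as` mapping corresponds to a per-vhost `SuexecUserGroup` directive from mod_suexec. The model ignores ACLs and capabilities; `audit_real_tree` checks file bits only, so a 0700 parent directory that would block access in practice is not accounted for.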