in reply to Using eval to create 'plugins'

What you're planning -- allowing a junior webmaster to update a production server -- is fraught with peril. You can make it somewhat safer by providing the junior webmaster with a test environment that includes your script, running under the same web server. Require that he first test his "plugins" there.

To be even safer, arrange for the production server to not accept a plugin unless it's been (successfully) run on the test server. Have the test server generate a special hash of the plugin, use it as the upload password, and have the production server re-check the hash against the plugin, discarding the plugin if they don't match.

Digest::MD5 generates hashes. To prevent spoofing, append a known-to-the-system passphrase to the script before hashing.
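
A sketch of the hash-as-upload-password check described above, as an added example that is not part of the original post. The passphrase value, the function names and the sample plugin are assumptions made for illustration. Alongside the Digest::MD5 scheme from the post it shows a swapped-in HMAC-SHA256 variant (Digest::SHA), which does not depend on MD5's collision resistance.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: shared secret known only to the test and production servers.
# Constructed placeholder value; load it from a protected file in practice.
my $PASSPHRASE = 'constructed-example-passphrase';

# The scheme as described in the post: MD5 over plugin source + passphrase.
sub plugin_token_md5 {
    my ($source) = @_;
    return md5_hex($source . $PASSPHRASE);
}

# Same idea with a keyed HMAC (swapped-in technique, not from the post).
sub plugin_token_hmac {
    my ($source) = @_;
    return hmac_sha256_hex($source, $PASSPHRASE);
}

# Compare two hex tokens without stopping at the first differing character.
sub tokens_match {
    my ($x, $y) = @_;
    return 0 unless defined $x && defined $y && length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Production side: accept the upload only if the token matches the bytes received.
sub accept_plugin {
    my ($source, $token) = @_;
    return tokens_match(plugin_token_hmac($source), $token) ? 1 : 0;
}

# Constructed sample plugin, as it would exist on the test server after a successful run.
my $tested = qq{sub run { return "hello from plugin" }\n1;\n};
my $token  = plugin_token_hmac($tested);

# Unmodified upload is accepted; an edited copy with the old token is discarded.
(my $edited = $tested) =~ s/hello/HELLO/;
printf "md5 token (post's scheme): %s\n", plugin_token_md5($tested);
printf "untouched plugin: %s\n", accept_plugin($tested, $token) ? 'accepted' : 'discarded';
printf "edited plugin:    %s\n", accept_plugin($edited, $token) ? 'accepted' : 'discarded';
```

The token only proves that the uploaded bytes are the ones the test server hashed; the production script still runs the plugin with its own privileges once it is accepted.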