I've come across this very behavior in other applications. Not Perl scripts written by average-quality developers, but non-Perl enterprise-quality web content management systems, costing tens of thousands of dollars. I threw a fit when their command-line maintenance utilities required usernames and passwords be passed via command-line switches. I quickly re-wrote a lot of the maintenance scripts to prompt for the password interactively, but there are still lesser-used stuff that we'll still need to do it with. Thankfully no developers or anyone outside my small operations group has shell access to these machines.

As far as prompting the user for a password, check out perldoc -q password for ideas the FAQ has.