There's Safe, a core module that restricts opcodes. It seems to work, but I don't know how safe it really is.

I know that buubot allows execution of perl snippets over IRC in some kind of sandbox, it might be worth looking at how it does that.