That is correct: each process or instance of the apache server runs one instance of mod_perl; which as you stated, runs one copy of Perl.

Hits against a web server can easily bounce from one instance to another without warning or control. You don't have to create "enough load" to do it: it automatically happens. My server is 99.99% idle and yet I can easily get a script to bounce from one instance to another with just hitting "reload" twice.

That's what makes this such an annoying "feature": you don't know if the instance of mod_perl (and CGI.pm) that your script is running on has had it's globals modified by another script. Multiple scripts WILL execute under the same instance of mod_perl (as my example showed).

A whole area of security has suddenly popped up for me. If I allow user-run mod_perl scripts; what's to stop them from modifying some globals in classes that I use? Nothing :-/

Update: tilly is correct, using local will correct for the above problem; but it doesn't help in "default" globals. I mean, now do I have to go through and reset by hand, using local, *ALL* of the globals that a package uses? Even the one's I would not normally touch? It seems to ensure that their values are correct, I do.