I never check, but I figure I'd hear about it pretty fast if there were a problem. Accountability is a factor here, since it would be possible to track down a submitter and slap them with a large-sized lawsuit.

Also, the CPAN testers would be likely to spot a script that did nasty things.

Finally, Perl should run with the permissions of the caller, so a malicious module would still be unable to affect the entire system.

I do agree with the basic fear though. A module that is useful to root user could be booby trapped to mail /etc/password and the computers IP to a USENET group or something similar.

____________________
Jeremy
I didn't believe in evil until I dated it.