I'm only guessing, but could it be a matter of the permissions on the file in question? One of the points made early in the perlsec man page is:

... Some of these checks are reasonably simple, such as verifying that path directories aren't writable by others...

If the file being passed to "do" (or the directory containing it) is not "go-w" -- or if some other directory in @INC has this property, that might be the thing that needs fixing.