I'm certainly aware that many modules even do this:
our $VERSION = "1.2.3_001";
$VERSION = eval $VERSION;
As documented in perlmodstyle, I think. The specific code I used in the example isn't unsafe. But the evaluation of a string can be unsafe if the string's source isn't well controlled. And if the original poster were able to hard code hex, he could do so using 0x literals. Since he's not using 0x literals, I assume that's because the hex strings are coming from somewhere external. And at that point the caveats about evaluating strings apply.
But you're correct. What I posted isn't inherently unsafe. The practice is inherently easy to make unsafe, though.