There are ways to lock down subdirectories from being served by a web server. Even so, putting the executable for a general-purpose programming language within your document root seems like a terrible idea. Since you're not talking about a PSGI server as part of this scenario and talking about needing to put things in a particular directory, it seems you're likely using CGI.

Imagine you have CGI enabled within your web root. Now imagine for some reason the subdirectory containing perl within that web root becomes web accessible. The HTTP verb POST sends the request body from the client to the web server, which then runs the executable mapped at the requested URI. The request body is then passed in its entirety to that executable's STDIN. Eve fuzzes and futzes and finds your perl executable. She then POSTs arbitrary code, which then runs. Suddenly your system is a command and control system for a botnet or something even worse.