because it's supposed to run on operating systems that may provide only perl4 as default (many proprietary Unixen did until recently or perhaps still do even today)
You may be right, but I would be interested in your listing any platform or distribution that ships a perl earlier than 5.6.1.
Anyway, that's no excuse for the people who develop and maintain Webmin not to produce a secure version, with -T and best current practices. If such is being shipped as a package it should be made dependent on a recent perl package.
However, the real fault would belong to the administrator who'd leave an accessible webmin server on the web ! I wouldn't dare, even a secured, perl5 tainted webmin...
Depends what you mean by leave accessible. Would you entertain having the app available htpassword protected? You could always set it up so that alarm bells are rung if it gets invoked unexpectedly.
--
Oh Lord, won’t you burn me a Knoppix CD ?
My friends all rate Windows, I must disagree.
Your powers of persuasion will set them all free,
So oh Lord, won’t you burn me a Knoppix CD ?
(Missquoting Janis Joplin)