You can run perl in tainted mode, where any data a script gets from I/O is tainted (i.e. flagged as unsafe and potentially dangerous). This is for example useful with CGI-scripts.
Data can be untainted by filtering it with a regex. In that case perl assumes that you have filtered any dangerous parts and the extracted data is safe now
As the code you are presenting does no real effort to filter anything the author was either absolutely sure that $command_str came from somewhere safe or he couldn't be bothered with security