It's a trade-off between complexity and using short lifetime temp files. Even using a source filter to on-the-fly decrypt encrypted Perl source will leave traces of the unencrypted source on the target system. I don't know how much risk bliako is willing to tolerate.