I agree with the sentiment and general comments above but consider config as altered by someone malicious or just not too quick or accidentally left over from a paste buffer...

# 500 lines of config omitted...
$blah = qx( rm -rf / }; #syntax error intentional for "safety."
[download]

Config to me implies non-trusted users. The worst you get with malicious/wrong XML/JSON is a broken config load (YAML is a little deeper, you can include code but it doesn't execute the same as `eval` or `perl ...`). If your config is code... well, it's code, not really config anymore. The separation is perhaps arbitrary, so if it's developer only config, Perl might make sense. The XML/JSON/YAML stuff is easier to generate from input though and it can be shared across languages and applications. I find YAML easy to write by hand and JSON(::XS) is great for machine/speedy stuff. I used it for marshalling data in the value slots of a DB_File just yesterday. :)