I have mixed feelings about this sort of thing. There's an element of trust needed for CPAN to be effective - and I think this sort of activity misuses that trust. Yes you shouldn't install as root, yes you shouldn't install anything without knowing what it does, yes you shouldn't install without checking the source for backdoors etc. (But how many people checked through every line of the source of 5.6.1 to make sure that it wasn't ftping/etc/passwd somewhere? - how many people installed KDE 2.2 from binaries because they couldn't/wouldn't compile the sources) I don't like information being collected/transmitted without warning/my permission - even if it may be for good reasons.