OK, so apparently the fapolicy with this security profile is just absurdly strict. I added a rule to /etc/fapolicyd/rules.d:
root@corp:/etc/fapolicyd/rules.d# cat 65-perl.rules
# Allow all perl script execution and sourcing
allow perm=any all : ftype=text/x-perl
… and things seem to work now. phew