Tim Bray warns of the dangers of Ruby Gems as an attack vector. The risk is that basically anyone can create a Gem and make it available using the gem installer.
I’ll say that this is why real systems administrators detest the various packaging schemes that scripting languages offer. It’s generally a much better practice to manage libraries through the operating system’s centralized packaging system — Red Hat’s RPM, FreeBSD Ports, Debian/Ubuntu’s APT, and so forth. Administrators who want to go beyond the vendor-approved repositories for packages are free to do so, but packages from the vendor list can be installed with relative confidence.
Who knows what to expect from packages from CPAN, PEAR, RubyForge, and the like? (This also ties into my longer argument about why developers are the natural enemy of the systems administrator, but I’ll get into that some other time.)