He found vulnerabilities in (very old) third-party software written in Perl (that's the 1%) then did nothing but lie and attribute them to the language while demonstrating his (accidental or willful) lack of understanding of the language. His code slides often aren't even valid Perl, which is an achievement in itself.
Are you talking about CGI.pm? That was removed from core modules in 5.22 (in 2015) which was only the year before his talk. Debian Jesse even has Perl 5.20 as the stable version[1]. Centos 7 ships with 5.16. Of course you can have your sysadmin install an up to date version, but CGI.pm is still in play as part of Perl.
Maybe this year he'll talk about Perl 6 since 5.x is all old hat. ;)
No, the vulns were in software that used CGI.pm and used it naive ways. CGI.pm had a design decision in its API, that can lead to, but does not constitute a vulnerability, and is a feature to those using it appropiately.
Examples, with explanation of wrong in comment. First talk:
print $hash; # he accompanied this by a dump of the hash, when in reality it would print the reference id
print ($a, $b, $c); # same thing as above, pretends it does a dump, when the reality is wildly different
He does these repeatedly in his second talk:
$arg1, $arg2 = @_; # assigns the length of @_ to $arg2, instead of unpacking args. only the newest of newbies would get this wrong
if(ref $arg1 eq 'HASH') print $arg1{'key'}; # perl does not have block-less pre-fixed ifs
else print $arg1; # same with this, entirely nonsense
The entire style of his code (paren-usage, quoted hash keys) also smells of code copied from bad (w3schools) perl tutorials.
So he gave a talk on exploits he found but you call the talk "outright and clear lies", because you disagree with his conclusion that perl is broken?