Looking at that code they probably didn't actually have a professional Perl developer on staff. The code isn't terrible, but certainly a far cry from good. It doesn't help that back in 2005 all the books for learning Perl were still teaching a code style from the early 90s.
Edit: I revise the terrible bit, it's a little terrible, as it has SQL injections.
It's full of SQL injections, to start. (I really like using the subdomain name from the HTTP_HOST environment variable in a SQL query. That's a new attack vector I hadn't considered.)
It's full of silly inefficiencies, such as iterating over an array and preparing distinct but trivially parametric queries for each element.
It has a strange mix of effectively package global lexical variables and block-scoped lexical variables, which means that running this in any sort of persistent service model would be very buggy.
It looks like it ignores parts of the CGI standard.
It looks like it takes database connection information from cookies (except it never uses that code).
The `find_node` function looks like it's using the wrong data structure entirely, but that's okay, because that pattern's repeated a few times. That's doubly suspect, because this seems like the sort of thing a WHERE clause in the SQL query could handle (though to be fair, it might require a subquery, and the version of Mysql Facebook had deployed in 2005 might not have supported those very well; I don't remember).
