Other than that, I'd suggest you ask your sys-admin to fix their
security policy....
    

What about using wget or curl to read the file, and then use the
feature of H::T's "new" method to load a template from a variable?
(scalarref => $ref_to_template_text).

I agree that disallowing opening files on a system seems obsessive.
  
An "strace wget file:///home/..." shows that wget uses the open() system call.  I'd suspect that wget would also fail for the same reason.

For wget to succeed (in this conext), I suspect that it would need make a request to a http-daemon, which itself serves the file.

cheers,
Mathew Robertson