I'm not sure why you are asserting that all parameters must specifically be untainted. I would tend to agree with Juerd that unless you're using it in a system call, it doesn't pose a security problem. (theguvnor would welcome any enlightenment to the contrary).

On the other hand, I don't understand Juerd's assertion that Perl's tainting is such a problem.

1. You don't have to run -T if you don't want.
2. Even when you use it, you only have to untaint those variables that you want to use in system calls.

So I don't know why Juerd is so down on Perl's tainting mechanism...

..Guv