There's no point in flocking a file that you destroy before you obtain a flock.
But, getting to your taint issue, there's also no place in having a generic "untaint" subroutine. The act of untainting is always specific to the narrowest definition of what is permitted in the data. You don't have just "untaint", you have "untaint_username" or "untaint_hostname". And "untaint_email_address" cannot exist, because every possible character is possible in an email address. {grin}
Also, "tainting" is generally associated with programs running in "taint" mode, which I'm not seeing in your snippet. And when that happens, you need to execute a specific form of match to get rid of the taint.
Something like:
$data = /^([a-z]+)$/ or die "data isn't just alphabetic!";
$data = $1; # now grab the untainted version