While Windows seem to ignore the path to the executable, Perl itself is indeed parsing the flags (though taint is special here - later more)

There is a fuzzy line were a short script is still in a league with one-liner from the command line where terseness pays off and a "real" program which needs at least mid-term maintenance.

"Hiding" important side-effects of in short flags is not a good idea in my book, they need to be explicitly shown!

And those provisory "scripts" tend to live longer than expected.

So whenever possible avoid shebang flags for code which needs to be maintained.

> How else would you expect to enforce taint mode, for example?

Granted, it's in the nature of taint that it's hard to manipulate.

But when I test -T or -t on the shebang on Win, it's not activated but only checked.

d:\tmp\pm>perl tst_taint.pl
"-T" is on the #! line, it must also be used on the command line at ts
+t_taint.pl line 1.

d:\tmp\pm>
[download]

The same effect of exiting the current process can also be achieved by checking the read-only flag ${^TAINT}.

Putting this check into a pragma called use taint; (which I couldn't find yet) would be even better.

And this pragma could even go further, and re-exec the current script, with the -T flag set.

THOUGH ... the code for this pragma would need to be secured with special privileges, to avoid a backdoor for attackers...

I can't tell if this is bulletproof, but security is always relative anyway.