I don't see much point of using -T on stuff like interactive clients, Tk or not. After all, if the user is going to try to mess with the client, all he can do is screw himself. I make it a point to use it for the server end though, whether it's a CGI script, daemon, Win32 service, or whatnot.
That's not to say that a client program shouldn't be doing any kind of error checking. It should, to some extent. But the server shouldn't depend on that at all, and it should thoroughly check all input in minute detail (which is where taint mode helps out a bit, though it's not 100% foolproof).
Basically, it comes down to this: any code running on a machine which you don't control is code that you can't depend on in terms of security.