Well, you're missing the obvious point that taint was designed to avoid DIRTY data from messing up system calls, and tainted data doesn't break print -- A browser/website vulnerable to XSRF is about 11 domains removed from domain of taint -- not taints job