in reply to Re: Taint and Shellshock
in thread Taint and Shellshock

Right; presumably, you'd properly scope your localization if you had interest in other environmental variables, and propagate any values of interest. For my own development, I rarely shell out to do something other than invoke a command line utility for heavy numerics, with validation performed at the script level. If you trust externally set environmental variables to pass information to your CLI, I don't understand why you'd bother with taint in the first place.


#11929 First ask yourself `How would I do this without a computer?' Then have the computer do it the same way.
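
The scoped localization and script-level validation described in the reply above, as an added Perl example that is not part of the original post. The allowlist, the fixed `PATH`, the sample variable values and the use of `/usr/bin/seq` as a stand-in for the numerics utility are all assumptions.

```perl
#!/usr/bin/perl -T
# Added example (not from the thread); run as: perl -T scrub_env.pl
use strict;
use warnings;

# Assumed allowlist: variables worth propagating, each with a pattern whose
# capture group both validates and untaints the value.
my %ALLOWED = (
    LANG => qr/\A([A-Za-z0-9_.\@-]{1,32})\z/,
    TZ   => qr/\A([A-Za-z0-9_\/+-]{1,64})\z/,
);

# Build the child's environment from scratch rather than cleaning the inherited one.
sub clean_env {
    my (%src) = @_;
    my %env = (PATH => '/usr/bin:/bin');    # fixed, untainted PATH (assumption)
    for my $name (keys %ALLOWED) {
        next unless defined $src{$name};
        $env{$name} = $1 if $src{$name} =~ $ALLOWED{$name};
    }
    return %env;
}

# Shell out with a scoped environment; the argument is validated at script level.
sub run_tool {
    my ($count) = @_;
    die "rejecting argument\n"
        unless defined $count && $count =~ /\A(\d{1,6})\z/;
    my $n = $1;                             # untainted by the capture

    my %env = clean_env(%ENV);
    local %ENV = %env;    # the caller's %ENV is restored when this sub returns

    # List form: no shell parses the arguments. /usr/bin/seq stands in for
    # the numerics utility (assumption).
    return system('/usr/bin/seq', '-s', ' ', $n) == 0;
}

# Constructed inputs: one variable an outside party could set, one on the allowlist.
$ENV{HTTP_USER_AGENT} = 'constructed untrusted value';
$ENV{TZ}              = 'UTC';

my %child = clean_env(%ENV);
print 'child sees: ', join(',', sort keys %child), "\n";
run_tool('5') or die "tool failed\n";
print exists $ENV{HTTP_USER_AGENT} ? "parent env intact\n" : "parent env lost\n";
```

Variables that are not on the allowlist never reach the child process, whatever their content, and only values that match their pattern are propagated.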