My first guess is that on some platforms the File::Spec->splitpath, File::Spec->splitdir or File::Spec->catdir calls near line 1673 may be giving a tainted result, perhaps because they need to turn a relative path into an absolute one.

Maybe if you get the current working directory, untaint it, and then provide an absolute path for DIR that would avoid the problem.