If the user has command line access, then I see no reason from stopping them to run perl code. A good starting point is "originate from a web page interface accessible to 'external' users." The question I asked was about untainting, thus for any and all reasons one should want to untaint a string to be used to match against another string, this would include but not limited too the above.

In this case, a Nagios module, the nrpe could be configured to allow argument passing. This gives the remote monitoring server the ability to specify any string and it may not have command line access.