in reply to Dancer::Plugin::Email module - Is data tainted?
When using the Dancer::Plugin::Email module, should you check the user input for malicious data, or is the input automatically tainted, etc.?
What happens when you try some malicious data?
I don't think it's likely that Email::Sender is vulnerable to shell interpolation
Although Dancer specific, in the general case where the server runs as root and the untrusted user input passes a system("rm -rf *") or something along those lines that is then fed to the sendmail executable, does that pose a risk and open the can of worms?
Maybe, it depends on the code
Is that why it is recommended to run the webserver as a limited privilege user?
Yes