rmtree uses either rmdir or unlink to actually do the removal. Therefore in taint mode, you need to set the path to a known value before calling it.

You seem to have the right idea. I'd do something like

$ENV{PATH} = '/bin:/usr/bin';
[download]

--
<http://www.dave.org.uk>

"The first rule of Perl club is you don't talk about Perl club."