$ENV{REMOTE_USER} will work as long as some sort of basic authentication has been performed (IE those times when a little box pops up on the users browser asking them for a user and password). For example if you are restricting part of your site with .htpassword files or using AuthCookie etc.
However if the area of the site is public or a more complex authentication is in place (ie nice cute forms with submit buttons) then $ENV{REMOTE_USER} will remain undefined.
Thanks for the helpful explanation vagnerr. The tidbits of useful knowledge that come from posts like yours are one of the great values that PM provides.