in reply to Weird un-tainting problem.
Here is what I get when I run it:

```perl
#!/usr/bin/perl -T
use strict;

my $docroot = "/home/httpd/sec-html/";
if ($ENV{SCRIPT_FILENAME} =~ /${docroot}(.*?)\//) {
    print "RE MATCH!\n";
}
my $realm = $1;
if (is_tainted($realm)) {
    print "Realm: $realm is tainted!\n";
}

sub is_tainted {
    return ! eval {
        join('',@_), kill 0;
        1;
    };
}
```

My perl version is 5.005_03

```
[chaka@pengy sec-cgi]# export SCRIPT_FILENAME=/home/httpd/sec-html/surflo/
[chaka@pengy sec-cgi]# ./index.cgi
RE MATCH!
Realm: surflo is tainted!
```