in reply to Homegrown Pseudo-Tainting
There is a module geared to exactly what you want: CGI::Untaint.
But back to the point of not being able to run -T in production: I once was in a situation like this, and a great workaround (me being paranoid) was to set up an environment where I could run taint to develop and test it there. This will eliminate the need to run -T in a production environment.
And how could I forget to promote Ovid's CGI::Safe module, for your other non-taint-related CGI security concerns.
grep> cd /pub
grep> more beer