Not running taint checks is clearly a security flaw. On the other hand, I can't really entertain the idea that not running with strictures and warnings is a bug.

Turning off warnings in CGI scripts can stop your logs blowing out. I agree that a warning should be acted upon at the earliest opportunity and I ensure that all my programs are warning-free, but a warning is just that, a warning. On the other hand running out of space on your logging device is catastrophic. You have to make a tradeoff between paranoia and pragmatism.

And remember that strict.pm guards against three things: symbolic references, bareword "poetry" subs and undeclared variables. I think most people just 'use strict' to help them make sure they always use lexical variables. People rarely use package variables these days and even less people use symbolic references (by accident or otherwise).

So while I always use strict in my programs, I do not consider a program that doesn't as being inferior. Doing so is not a bug.