in reply to Re: Why do I need -w in a cgi script
in thread Why do I need -w in a cgi script

The real question is whether it's reasonable to turn off Taint checking for production use, or whether it should always be left on, and I think this depends on your specific circumstances. I leave it on, personally.

Taint checking is a security tool, not a development tool. Unless security is unimportant in production, do not remove it.

Juerd # { site => 'juerd.nl', plp_site => 'plp.juerd.nl', do_not_use => 'spamtrap' }
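As an added illustration of the point above (this is example code, not something posted in the thread), the script below shows what taint checking actually does at run time: data from @ARGV, %ENV, STDIN or a CGI request is marked tainted, passing it to system() dies with "Insecure dependency", and the only way to clear the mark is to validate it through a regex capture. The hostname pattern, the untaint_host() helper and the PATH value are assumptions chosen for the demo.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed input: under -T anything read from @ARGV, %ENV, STDIN or a
# CGI request is tainted. The literal fallback is not, which is useful
# for seeing the difference.
my $host = defined $ARGV[0] ? $ARGV[0] : 'localhost';
print "input tainted: ", (tainted($host) ? 'yes' : 'no'), "\n";

# Untaint by validation (helper name and pattern are this example's own).
# A regex capture is the only thing perl treats as clean, so the pattern
# must describe exactly what is acceptable: here a hostname that cannot
# start with '-' and so cannot be mistaken for a command-line option.
sub untaint_host {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ /\A([A-Za-z0-9][A-Za-z0-9.-]{0,252})\z/ ? $1 : undef;
}

# Taint mode also refuses to run external commands while PATH is tainted,
# so pin it (assumed value) and drop the other variables a shell honours.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $clean = untaint_host($host);
die "refusing host '$host'\n" unless defined $clean;
print "clean tainted: ", (tainted($clean) ? 'yes' : 'no'), "\n";

# The unsafe version, left commented out: with $host still tainted this
# dies under -T with "Insecure dependency in system while running with -T switch".
#   system('ping', '-c', '1', $host);

# The list form of system() never involves a shell, so the only thing
# that reaches ping is the validated hostname.
system('ping', '-c', '1', $clean) == 0 or die "ping exited with $?\n";
```

Run it as `perl -T taint_demo.pl 'example.com; rm -rf /'` to see the validation refuse the input; running it as `perl taint_demo.pl` instead fails with "Too late for -T", which is why the switch belongs in the shebang line or the web server's invocation rather than being toggled per deployment.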


Re: Why do I need -w in a cgi script
by jonadab (Parson) on Oct 09, 2003 at 18:46 UTC
    Taint checking is a security tool, not a development tool. Unless security is unimportant in production, do not remove it.

    Oh? I know it's a run-time mechanism, but I was under the impression that if you were doing anything unsafe with tainted data, a reasonable amount of testing would flush that out, and you'd fix it, and subsequently you would not be doing unsafe things with tainted data, provided the script and the taintedness of its data don't change and that you tested all the code pathways in testing. I've been leaving it turned on, because not forgetting to turn it back on if I make changes is more important to me than performance, but I'd be interested in an explanation of how my thinking in this area is mistaken.


    $;=sub{$/};@;=map{my($a,$b)=($_,$;);$;=sub{$a.$b->()}} split//,".rekcah lreP rehtona tsuJ";$\=$;->();print$/

      I was under the impression that if you were doing anything unsafe with tainted data, a reasonable amount of testing would flush that out

      Sure. But testing is done by people. People make mistakes. The computer is here to help us. It's not perfect, but once you decide you like tainting, why remove it? Perhaps the computer will find more mistakes later.

      Please note that I do not use -T except when it is automatically enabled.

      Juerd # { site => 'juerd.nl', plp_site => 'plp.juerd.nl', do_not_use => 'spamtrap' }