in reply to Is taint enough?

Taint mode is nothing more than a gentle reminder to check your data as you receive it. You can easily make taint mode useless by untainting your data in a very liberal manner:

my $bad; if ($field{username} =~ /^(.*)$/) { $bad = $1; };

In the above example, $bad is untainted, but still might contain unwanted data, like trailing spaces or the like.

Taint mode never changes your data; it is there to change how you look at your data. If you look at your incoming data in a cavalier manner, you won't benefit from taint mode.

There is no magic wand for security
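To make the point above concrete, here is an added example (not code from the original post) that puts the liberal /^(.*)$/ untaint side by side with a whitelist untaint and checks the result with Scalar::Util::tainted. The sample inputs are constructed; the empty tainted string spliced from %ENV is the usual trick for tainting a literal under -T without reading from the outside world.

```perl
#!/usr/bin/perl -T
# Added example: liberal vs. strict untainting under taint mode.
# Run as:  perl -T untaint_demo.pl   (-T must also be on the command line)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Every value in %ENV is tainted under -T, so a zero-length substring of it
# is a tainted empty string; concatenating it taints our constructed samples.
my $taint = substr( join( '', values %ENV ), 0, 0 );

# Liberal untaint, as in the post: matches anything, so it launders the data
# without ever looking at it.
sub liberal_untaint {
    my ($value) = @_;
    return $value =~ /^(.*)$/ ? $1 : undef;
}

# Strict untaint: only a username made of a small, explicitly allowed
# character set (assumed policy for this demo) gets through; anything else
# is rejected outright instead of being laundered.
sub strict_untaint {
    my ($value) = @_;
    return $value =~ /^([A-Za-z0-9_]{1,32})\z/ ? $1 : undef;
}

# Constructed sample inputs, as they might arrive from a web form.
my @samples = (
    "alice",       # clean either way
    "alice ",      # trailing space survives the liberal regex
    "alice;id",    # shell metacharacters survive the liberal regex too
);

printf "%-12s %-8s %-12s %-8s %s\n",
    'input', 'tainted', 'liberal', 'tainted', 'strict';
for my $raw (@samples) {
    my $in      = $raw . $taint;                 # now tainted
    my $liberal = liberal_untaint($in);
    my $strict  = strict_untaint($in);
    printf "%-12s %-8d %-12s %-8d %s\n",
        "'$raw'",
        tainted($in)      ? 1 : 0,
        defined $liberal  ? "'$liberal'" : 'undef',
        defined $liberal && tainted($liberal) ? 1 : 0,
        defined $strict   ? "'$strict'"  : 'undef';
}
```

Both routines return untainted strings, so Perl is equally happy to pass either result to open or system. The difference is that liberal_untaint hands back "alice " and "alice;id" unchanged, taint flag cleared, while strict_untaint returns undef for them and forces the caller to deal with the bad input. That is the whole value of taint mode: it only helps if the regex you untaint with encodes a real decision about what the data is allowed to look like.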