in reply to Re^3: Runtime Taint Enable
in thread Runtime Taint Enable

Hmm, interesting: I confess I don't use tainting in my CGI scripts despite the common recommendations, and this is part of the reason why - the data sources I want to choose not to trust are a small fraction of the whole, and the maintenance cost of detainting everything seems too high to me.
I wonder whether there's a need for IO layers that can be used to create "tainted" data streams and "untainted" data streams. (You still would have to consider $0 and the various environment variables, though.)

Re^5: Runtime Taint Enable
by sgifford (Prior) on Feb 24, 2005 at 16:09 UTC