You don't get to choose just some to be tainted. If taint mode is on, all the data is tainted. The usual way to detaint is, for instance,

my $zip = $cgi->param('zipcode');
$zip = $1 if $zip =~ m/^(\d{5})$/;
[download]

Taint mode helps you guarantee that all the data you use is really checked.

The Regexp::Common module is uncommonly handy for these chores.