in reply to Passing taint checked scalars

Actually this seems to be a problem with Net::SFTP::Foreign's get method not checking $mode, not $local. When $sftp->get opens the file for writing, it should complain about taintedness on the FH open, not during the chmod.

The culprit appears to be $mode being passed to chmod unchecked. The method which gets $mode uses an Open2 call to get remote file stats. stat* doesn't appear to be taint checked after it's returned from the system.
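An added example, not part of the post above and not Net::SFTP::Foreign's own code: under `-T`, a permission value that came from outside the program makes `chmod` die even when the file name is clean, and validating it first avoids that. The helper `untaint_mode`, the sample mode `33188` and the temporary files are assumptions constructed for this illustration.

```perl
# Run as: perl -T taint_mode.pl
use strict;
use warnings;
use File::Temp qw(tempfile);
use Scalar::Util qw(tainted);

die "run with perl -T\n" unless ${^TAINT};

# Constructed stand-in for a remote stat reply: the mode is read back as
# text from a file, so Perl marks it tainted like any other external input.
my ($src_fh, $src_name) = tempfile(UNLINK => 1);
print {$src_fh} "33188\n";              # decimal st_mode for 0100644
close $src_fh or die "close: $!";
open my $in, '<', $src_name or die "open: $!";
my $remote_mode = <$in>;
close $in;
chomp $remote_mode;

# Local target; its name is built from literals and is not tainted.
my ($dst_fh, $local) = tempfile(UNLINK => 1);
close $dst_fh or die "close: $!";

# Hypothetical helper: accept only a short decimal number, then keep the
# rwx permission bits. Dropping file-type, setuid, setgid and sticky bits
# is this example's policy, not something the post prescribes.
sub untaint_mode {
    my ($raw) = @_;
    my ($digits) = defined $raw ? $raw =~ /\A([0-9]{1,7})\z/ : ();
    die "refusing non-numeric mode\n" unless defined $digits;
    return (0 + $digits) & 0777;
}

printf "remote mode tainted: %s\n", tainted($remote_mode) ? 'yes' : 'no';

# Arithmetic on a tainted value stays tainted, so masking alone does not
# help: chmod raises "Insecure dependency" and eval catches it.
my $ok = eval { chmod(($remote_mode & 07777), $local); 1 };
print 'chmod with raw mode: ', ($ok ? "allowed\n" : "died: $@");

# A value captured by a regex match is untainted, so this call passes.
my $clean = untaint_mode($remote_mode);
chmod($clean, $local) or die "chmod: $!";
printf "chmod with validated mode %04o: ok (tainted: %s)\n",
    $clean, tainted($clean) ? 'yes' : 'no';
```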