Someone else mentioned this, but I want to emphasize its importance. If you are handling untrustworthy user input from arbitrary people in the wild outside world, always turn on taint checking. This will not catch every potential security problem, but it will catch more than a few of the subtle ones you're likely to miss otherwise. Use it. It will save your bacon sometimes.