in reply to FindBin and taint mode

By removing $Bin or $0's tainting, you're allowing a path outside your control to be added to @INC. Given that security is an exercise in balancing risks and rewards, the question is: Is that an issue for you?

If you're only concerned about securing against web users, this is a risk you might be willing to accept.

If you're also concerned about other users on your system, such as if this is a setuid script, this is a risk you should not accept.

Either way, be sure to document this risk and your decision.
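
An added example, not part of the original reply: one way to avoid trusting `$FindBin::Bin` is to use it only as a lookup key into a hard-coded table, so the path that reaches `@INC` is a constant from the script itself. The install paths and the `trusted_lib_dir` helper are hypothetical, and the root-ownership check assumes a Unix system.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use FindBin ();

# Map a tainted $bin to a lib directory taken from a fixed table.
# The returned string comes from the table, never from $bin, so it is
# untainted without laundering the tainted value through a regex.
sub trusted_lib_dir {
    my ($bin) = @_;

    # Assumption: the only places this script is ever installed.
    my %lib_for = (
        '/opt/myapp/bin'       => '/opt/myapp/lib',
        '/usr/local/myapp/bin' => '/usr/local/myapp/lib',
    );
    return unless defined $bin && exists $lib_for{$bin};
    my $lib = $lib_for{$bin};

    # Guard against other local users: the directory must exist, be a
    # directory, be owned by root, and not be group- or world-writable.
    my @st = stat($lib);
    return unless @st && -d _;
    my ($mode, $uid) = @st[2, 4];
    return unless $uid == 0 && !($mode & 022);

    return $lib;
}

BEGIN {
    # Runs at compile time so that later "use" statements see the new path.
    my $lib = trusted_lib_dir($FindBin::Bin)
        or die "Refusing to extend \@INC: script is not in a trusted location\n";
    require lib;
    lib->import($lib);
}
```

The same ownership and permission property has to hold for every parent directory of the lib path, which this sketch does not walk.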