Oooh, that's actually a pretty good question. I could see not changing the default behavior (and maybe adding a warning enabled by default if tainting is enabled), and then have an option ($MIME::Base64::PRESERVE_TAINT) or a separate sub (decode_base64_tainted( $blah )) that does preserve taintedness on the returned value. At any rate that's probably worth running past the author and/or p5p.