in reply to use of taint chking and File::Find
This specific problem doesn't have to do with File::Find in particular. It has to do with the fact that your script is inheriting a PATH from the environment, but Perl regards that as an untrusted source. The way to fix the specific problem you're having is to set $ENV{PATH} in your script before you make any system calls. perldoc perlsec has a wealth of information for you on this and other security matters. Some sample code:
$ENV{'PATH'} = '/bin:/usr/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
That snippet will make your PATH safe and also will delete some other environment variables that could be used by a clever meanie to make your script do unwanted things.
Update: you might want to wrap such code in a BEGIN {} block, if you add those lines at the beginning of your script and you still get the error. Doing so will ensure the untainting happens before anything goes on in any of the modules you import. end update
There's another roadbump on the horizon, however. I found out a little while back that information from the filesystem is regarded as tainted, and the File::Find versions from before that shipped with perl 5.6.0 have no mechanism for untainting the data. So if you try to do anything 'unsafe' with a filename, perl will complain when running under -T. The best thing to do in that case is to manually untaint any data you get from the filesystem before you use it in a system call. Again, perldoc perlsec is your go-to source.
HTH
Philosophy can be made out of anything. Or less -- Jerry A. Fodor
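Added example, not part of the original reply: a taint-mode script (run it as `perl -T script.pl`) that cleans the environment in a BEGIN block and untaints each filename with an allow-list capture before passing it to a system call. The pattern, the `ls` command and the starting directory `.` are assumptions chosen for illustration; `untaint => 1` is the File::Find option available in later releases, and it only untaints the directories it changes into, not the names handed to the callback.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

# Clean the environment before any module code runs, as the reply suggests.
BEGIN {
    $ENV{'PATH'} = '/bin:/usr/bin';
    delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
}

use File::Find;

# Assumption: allow-list for one path component. Word characters, dots and
# dashes only; no slash, and no leading dash so a name cannot act as an option.
my $SAFE_NAME = qr{\A([\w.][\w.-]*)\z};

my (@listed, @refused);

sub wanted {
    return unless -f $_;    # file tests are permitted on tainted data

    # Only a value taken from a regex capture loses its taint flag.
    if ($_ =~ $SAFE_NAME) {
        my $clean = $1;
        # List-form system() never invokes a shell; '--' ends option parsing.
        system('/bin/ls', '-l', '--', $clean) == 0
            or warn "ls failed for $File::Find::name\n";
        push @listed, $File::Find::name;
    }
    else {
        # Refuse unexpected names instead of trying to repair them.
        push @refused, $File::Find::name;
    }
}

# File::Find has chdir'ed into each directory, so $_ is valid where ls runs.
find({ wanted => \&wanted, untaint => 1 }, '.');

printf "listed %d file(s), refused %d with unexpected names\n",
    scalar @listed, scalar @refused;
```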