The initial state of your process's environment is controlled by the parent process, and is thus tainted.

$ echo '#!/usr/bin
> echo owned
> ' > ~/evil/ls

$ chmod 755 ~/evil/ls

$ PATH=~/evil/:"$PATH" script.pl
owned
[download]

The environment needs to be scrubbed.