If you localize it so other code could still use the original values, then there's the distinct possibility said other code will die because it will use tainted values in a possible unsafe way.

I would say that it's the task of the code that sets the taint flag to clean %ENV. Note also that %ENV is populated with data provided by the environment. Said other module might exhibit unpredicatable behaviour anyway if it wasn't your code that set $ENV{PATH}, but the environment.