in reply to Re^2: URL, etc to Domain Name Stripper
in thread URL, etc to Domain Name Stripper
By your definition, the following is "taint approved" as well:
my ($untainted) = $tainted =~ /^(.*)/s;
Something that's safe for use under -T is something that's guaranteed to deliver exactly what it promises to deliver, and your code does not do that.
print stripper('fqdn', 'www.a.;EVIL!/') # www.a.;EVIL!
EVIL! can't contain [\s/] which makes it impractical as an attack vector in most situations, but there's no way that what the sub returns should be considered safe.
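Added example, not part of the original post and not the thread's stripper() code: a whole-string hostname check that untaints only when the entire input is a syntactically valid FQDN, so the return value is what the name promises. The helper name `untaint_fqdn` and every sample input except the post's `www.a.;EVIL!/` are constructed for illustration; run it with `perl -T` to exercise taint mode.

```perl
use strict;
use warnings;

# Hypothetical helper (assumption, not from the thread): returns a
# lower-cased hostname only if the WHOLE input is a valid FQDN, else undef.
sub untaint_fqdn {
    my ($input) = @_;
    return undef unless defined $input && length($input) <= 253;

    # One DNS label: 1-63 chars of letters, digits and hyphens,
    # with no hyphen in the first or last position.
    my $label = qr/[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?/;

    # \A and \z anchor the complete string (unlike $, \z does not
    # tolerate a trailing newline). At least two labels are required;
    # an optional root dot is accepted but kept out of the capture.
    if ($input =~ /\A($label(?:\.$label)+)\.?\z/) {
        return lc $1;    # the capture is the only untainted value
    }
    return undef;        # reject instead of returning a "best effort" piece
}

# Constructed sample inputs; the second one is the input from the post.
my @samples = (
    'www.example.com',
    'www.a.;EVIL!/',
    'WWW.Example.COM.',
    "www.example.com\n",
    '-bad.example.com',
    'localhost',
);

for my $raw (@samples) {
    my $host = untaint_fqdn($raw);
    (my $shown = $raw) =~ s/\n/\\n/g;    # make the newline visible
    printf "%-22s => %s\n", "'$shown'",
        defined $host ? "accepted as '$host'" : 'rejected';
}
```

The design choice is to validate the full input and fail closed: anything that is not entirely a hostname yields undef, so no partially matched remainder ever leaves the sub as untainted data.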