All of the answers I have seen are good. I think I have a few things to add.

• Production code should run under taint mode, but when doing command line debugging you usually have to turn it off because the debugger has a tendency to crash.
• Debugging form processing has additional complications. I think there is nothing here that does not apply to CGI in general. If a form seems to misbehave make sure you are setting all the parameters even if to the empty string. Also have you turned on the debug mode in CGI?
• Also if you ever end up debugging through DataFormValidator you'll need to know about the overload module first, as the Results class overloads certain contexts to a boolean value. This means you must deference the object as hash before you can inspect it.