in reply to
To taint or not to taint?
Do you trust your users? If not, then does what you're doing lead to any potential risks at all? If so, then do you consider your code perfect? If not, then why would you give up a very cheap reminder that could catch an accidental severe mistake?
My answer to the first question generally depends on whether my programs are facing the general internet or are internal to whoever I am working for. I tend to be a little paranoid in my answer to the second. The answers to the last two are that my code is not perfect, and I love cheap reminders that catch real mistakes.
I therefore tend to use taint mode exactly when my code is facing the general internet.