takes a string and removes all 'unsafe' (meta) characters
That's too broad. What's unsafe to the shell is not unsafe to an email address, and vice versa.
And contrary to what I picked up from skimming that long
article, the best way to keep the shell from interpreting unsafe characters is to not even use a shell at all! Most child process invocations can use a shell-less invocation (multiple arguments to system or exec), and then there's never a problem with the potential characters in the first place!
So, while I understand what you are trying to do, I don't understand why you are even trying to do it. You're
starting at the wrong end of the picture.
-- Randal L. Schwartz, Perl hacker