
The issue I have with Perl taint checking is that data is untainted by a group match within a regexp.

It's not explicit enough and it's easy enough to find legitimate code with accidental untainting of dangerous data.

Ruby requires an explicit untaint call, and IMHO it's the right way to go.
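The behaviour discussed above, as an added example that is not part of the original comment: a regex meant only for parsing untaints its capture, `use re 'taint'` prevents that, and a scoped allowlist match performs the deliberate untaint. The sample input and sub names are constructed for illustration; run it with `perl -T`.

```perl
#!/usr/bin/perl -T
# Added example, not from the comment above. Run as: perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed input. A zero-length slice of $^X is tainted under -T, so
# appending it marks the string the way externally supplied data would be.
my $TAINT = substr($^X, 0, 0);
my $input = 'file=notes.txt;echo injected' . $TAINT;

sub state_of { defined $_[0] ? (tainted($_[0]) ? 'tainted' : 'untainted') : 'rejected' }

# 1. Default: the match only splits key from value, yet the capture group
#    comes back untainted although nothing was validated.
sub parse_default {
    my ($line) = @_;
    my $value;
    if ($line =~ /^file=(.*)$/) { $value = $1 }
    return $value;
}

# 2. With "use re 'taint'" in scope, captures from tainted data stay tainted,
#    so a parsing regex cannot launder input by accident.
sub parse_keep_taint {
    my ($line) = @_;
    use re 'taint';
    my $value;
    if ($line =~ /^file=(.*)$/) { $value = $1 }
    return $value;
}

# 3. Deliberate untaint: a narrow allowlist pattern inside its own
#    "no re 'taint'" scope, the closest Perl gets to an explicit call.
sub untaint_filename {
    my ($value) = @_;
    no re 'taint';
    my $clean;
    if ($value =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/) { $clean = $1 }
    return $clean;
}

my $laundered = parse_default($input);
my $kept      = parse_keep_taint($input);
my $bad       = untaint_filename($kept);
my $good      = untaint_filename('notes.txt' . $TAINT);
print "raw input:             ", state_of($input), "\n";
print "default capture:       ", state_of($laundered), "\n";
print "use re 'taint':        ", state_of($kept), "\n";
print "allowlist, bad value:  ", state_of($bad), "\n";
print "allowlist, good value: ", state_of($good), "\n";
```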


