perl-5.8.7/taint.c:

    static char* misc_env[] = {
	"IFS",		/* most shells' inter-field separators */
	"CDPATH",	/* ksh dain bramage #1 */
	"ENV",		/* ksh dain bramage #2 */
	"BASH_ENV",	/* bash dain bramage -- I guess it's contagious */
	NULL
    };


$ perl -Mdiagnostics -wT -le 'print `date`'
Insecure $ENV{PATH} while running with -T switch at -e line 1 (#1)
    (F) You can't use system(), exec(), or a piped open in a setuid or
    setgid script if any of $ENV{PATH}, $ENV{IFS}, $ENV{CDPATH},
    $ENV{ENV}, $ENV{BASH_ENV} or $ENV{TERM} are derived from data
    supplied (or potentially supplied) by the user.  The script must set
    the path to a known value, using trustworthy data.  See perlsec.

Uncaught exception from user code:
        Insecure $ENV{PATH} while running with -T switch at -e line 1.
 at -e line 1
$