
Perl's Taint mode made it more secure than most languages, including today's. Other languages later ran into the same security bugs that had been fixed in Perl a decade before.



I wouldn't go that far. Perl's got a very simplistic view of a tainted value with no context of usage. An untainted value will be fine for example for embedding in html, but not for SQL queries, paths, mongo queries, json strings, shell outs, etc. The protection/checks you get from it are really minimal in practice in comparison to Sonar and similar analysers.

Ruby also had tainted values and dropped them recently https://bugs.ruby-lang.org/issues/16131


The simplicity is what I liked about taint mode - it didn’t purport to make anything safe for any particular context, you had to do that yourself. It just tracked strings that came in from outside Perl to make sure they didn’t get sent outside Perl again without being run through a regex. My main critique is that you don’t always want to use a regex to check safety, sometimes you want to try properly parsing a value before handing it off to another system. So in various places I’d end up untainting with a dot star regex.
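The mechanism described in this comment, as an added example that is not from the thread: a small Perl script run under `-T` that shows a value from outside the program being tainted, the "dot star" capture untainting it without any real check, an allow-list regex that only untaints well-formed input, and the boundary check Perl itself enforces when tainted data reaches `system()`. The default filename is a constructed sample; the `substr` idiom marks it tainted so the script also demonstrates the behaviour when run with no arguments.

```perl
#!/usr/bin/perl -T
# Run as: perl -T taint_demo.pl [filename]
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T, anything that came from outside Perl (@ARGV, %ENV, STDIN,
# file contents) is tainted. The constructed default is tainted on
# purpose by appending an empty slice of a tainted string, which keeps
# the taint flag even though it adds no characters.
my $raw = (@ARGV ? $ARGV[0] : 'report-2024.txt')
        . substr($ENV{PATH} // '', 0, 0);
print "raw tainted?  ", (tainted($raw) ? 'yes' : 'no'), "\n";

# 1. The ".*" anti-pattern: a capture untaints whatever it matched, so
#    this accepts "../../etc/passwd" just as happily as a plain filename.
my ($lazy) = $raw =~ /^(.*)$/s;
print "lazy tainted? ", (tainted($lazy) ? 'yes' : 'no'), "\n";

# 2. An allow-list regex: only a short, simple filename is captured and
#    therefore untainted; anything else leaves $name undefined.
my ($name) = $raw =~ /^([A-Za-z0-9][A-Za-z0-9._-]{0,63})$/;
die "refusing unexpected filename: $raw\n" unless defined $name;
print "name tainted? ", (tainted($name) ? 'yes' : 'no'), "\n";

# 3. Perl enforces the rule at the exit boundary: system(), exec(),
#    backticks, open() for writing, unlink() etc. die with
#    "Insecure dependency" when handed tainted data. %ENV is tainted
#    too, so PATH must be reset before any external command.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
$ENV{PATH} = '/usr/bin:/bin';

my $ran = eval { system('/bin/echo', 'tainted:', $raw) == 0; 1 };
print 'system() with tainted arg: ', ($ran ? "ran\n" : "blocked: $@");

# The allow-listed value passes the same check.
system('/bin/echo', 'untainted:', $name);
```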




