Perl Security: 4. Handling tainted data
What is tainted data?

Most programs don't work just with their own data - They consume data present in the program's environment or specified at runtime by a user. 

Our program cannot trust this data, as it was not generated by itself, so Perl marks it as 'tainted' data.

So, tainted data is all data coming from:

Interaction with an user

Data present in the environment (remember that CGI parameters are recieved this way)