Taint isn't hard to understand at all. It just means "addon code touched this, so we can't assume execution is safe from here on out". Taint usually spreads by replacing or calling UI functions (implemented in Lua) directly, instead of properly hooking on to functions when they execute instead.
Using widget meta functions (such as SetPoint) doesn't spread taint. E.g:
Lua Code:
-- This will spread taint if BuffFrame:SetPoint() is called in a signed code scope.
local realSetPoint = BuffFrame.SetPoint
function BuffFrame:SetPoint()
realSetPoint(self, "CENTER", UIParent, "RIGHT", -500, 200)
end
-- This will not spread taint at any time, ever.
hooksecurefunc(BuffFrame, "SetPoint", function(self, pnt, relTo, relPnt, x, y)
if pnt ~= "CENTER" or relPnt ~= "RIGHT" or x ~= -500 then
self:SetPoint("CENTER", UIParent, "RIGHT", -500, 200)
end
end)