[matt4711]

There was a post on HN a while ago where somebody wrote a server side tool which can detect curl -> bash piping and delivered different content if that happens.

[arcticfox]

Sure, but how is that any less secure than other installation alternatives? As the site owner, I could swap out a valid package for a troll package at any moment to any subset of users I wanted to if they're not validating the contents of it...

[dredmorbius]

You can't change the contents on a user's local storage that they've verified.

Curlbash lets you change out offerings at will, and leaves no auditable source for the user.