[_delirium]

Well, the existing Linux package managers aren't really safer as far as the archive formats go; for example, .debs can run arbitrary shell scripts during installation. The main thing that seems to add to the safety is the social practice of grabbing debs via trusted repositories using apt-get/aptitude/synaptic, rather than manually downloading them from random sites and doing dpkg -i. But if there is malware, it's even worse, because at least these shar installers are usually installed as non-root, while installing a .deb needs root.