[g105b]

That's how all executable code is distributed outside of a package manager.

Ever downloaded an EXE on Windows or DMG on Mac? It's the same, except you can inspect the code doing it this way if you were worried.

[smacktoward]

Good thing nothing bad ever happened because someone ran an EXE they downloaded off a Web site...

[pjc50]

Windows will complain if you download and try to run an unsigned exe. While APT packages can be signed, wget|sh can't be, so it's comparatively easier for someone to trojan the website and distribute malware.