You can also extract the files from a .deb file and place them wherever you so desire as well though if you really want to be that extreme about it. I see no issue with installing things as root, it's running random software as root that's the real issue. If you verify what the post-install script for a Debian package is doing (ie not running anything not already on the system) you should be fine to install KeyBase and any other package as root.
Packages don't run the software they install unless it installs a daemon or something.
My concern isn't that I don't trust Keybase to not be malicious, it's that I don't trust their packaging to not conflict with other packages. Debian has a very strict packaging process and it effectively guarantees a stable system, but installing packages that don't follow the standards that their packagers have could cause problems on upgrades.
I don't know enough about Linux to verify that the Keybase package does everything right; I delegate that to the Debian packagers and don't install anything as root unless it's from the Debian package repositories. Any software that I need that isn't in the distro is installed to a folder inside my home folder, where it might conflict with other custom installed software, but at least it won't break the entire system.
I believe if you do dpkg --contents keybase.deb (or whatever it's called) it will list out what files are in a debian file. You should be able to see if they're including their own that conflict with the rest of the OS, but also if a package is going to mess with a file the OS installed, my experience has been that the package manager will warn you of this or not allow it, but I can't remember off the top of my head. Sane use of dependencies on Debian means depending on the specific dependency from that specific version of Debian.
I've built my own Debian packages at work, but I'm not a total guru yet. I've never ran into issues with KeyBase yet on Linux, but honestly you could always open up a GitHub issue with your concerns to find out.
Edit:
Best I can tell from their github they install KeyBase to /opt/keybase specifically, or at least the main stuff, which is what third party packages usually do.
Packages don't run the software they install unless it installs a daemon or something.