by jstepien 5355 days ago

  copy and paste in the following command:
  /usr/bin/ruby -e "$(curl -fsSL https://raw.github.com/gist/323731)"
It is getting more and more popular to come across such installation recipes. "Just execute this command", which will download some code from the net and run it on your machine. Yes, it's easy and quick but it's terribly insecure, especially without HTTPS. Just take a look at http://npmjs.org . Just imagine the results if npmjs.org gets compromised. This trend is troubling.
2 comments
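The safer pattern the post is arguing for, as an added example that is not from the thread or from the gist's author: fetch the script to a file, check it against a SHA-256 digest obtained out of band, and only then hand it to the interpreter. It assumes a POSIX shell with `curl` and `sha256sum` (coreutils); the pinned digest is whatever the publisher lists, not something the script can invent.

```shell
#!/bin/sh
# Added example: download-then-verify instead of "curl | ruby -e".
# Assumes curl and sha256sum are available; the expected digest comes from
# a channel other than the download itself (release notes, signed page).

# Fetch to a file rather than into an interpreter. -f fails on HTTP errors,
# -L follows redirects, --proto '=https' refuses to fall back to plain HTTP.
fetch_script() {
  url=$1; dest=$2
  curl -fsSL --proto '=https' --tlsv1.2 -o "$dest" "$url"
}

# Compare the file's SHA-256 with the expected value; exit status 0 on match.
verify_sha256() {
  file=$1; expected=$2
  actual=$(sha256sum "$file" | awk '{print $1}')
  [ "$actual" = "$expected" ]
}

# Execute the script with the given interpreter only after the digest check
# passes. On mismatch nothing is run and the function returns 1.
verify_and_run() {
  file=$1; expected=$2; interp=${3:-/usr/bin/ruby}
  if verify_sha256 "$file" "$expected"; then
    "$interp" "$file"
  else
    echo "digest mismatch for $file; refusing to run" >&2
    return 1
  fi
}
```

Usage would be `fetch_script "$URL" /tmp/install.rb && verify_and_run /tmp/install.rb "$PINNED_SHA256"`; a mismatch leaves the file on disk for inspection and runs nothing.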

At some point you're downloading something and executing it. Unless you pick through all of the source code or decompile the binaries you download, you could get caught at any stage.

For a beginner, it makes no difference if they get burnt by a gist or by a compromised package or binary. And they can at least attempt to read https://raw.github.com/gist/323731 in plain text.

I feel the same way, but you are putting the same amount of trust in external services when you run something like 'npm install' already.

And don't forget that something like:

git clone .... sudo make install

is a huge hole for bad things to happen as well.